F5 Labs security researchers have spotted four cyber campaigns using Panda malware, a spinoff of the infamous Zeus banking trojan. The campaigns were active between February and May of 2018. Three of them are still active as of this month.
According to the F5 report, the first Panda campaign targeted cryptocurrency sites in February, then began targeting Facebook and Twitter in the most recent campaigns still active in May.
“Two of the four campaigns are acting from the same botnet version but have different targets and different command and control (C&C) servers,” F5 wrote in recent blog post on Wednesday.
Panda is still targeting global financial services, but has expanded its reach to online cryptocurrency exchanges and brokerage services, as well as social media, search, email and adult sites.
“We have been seeing an expansion of banking trojan targets into other industries that collect payment information and other forms of personally identifiable information (PII), so this behavior is not surprising given the size of the adult industry and potential revenue generation for fraudsters,” F5 said.