Cyber security company spots malicious ‘crypto stealer’ malware

A malware dubbed as “Panda Stealer,” also known as “Crypto Stealer,” has been spotted by a cybersecurity company as it would appear to have been spread through massive spam campaigns in several countries that include the United States, Australia, Japan, and Germany.

According to, Trend Micro, the company that spotted the malware, published a report detailing the security threat. It explained that the stealer is a variant of another malware called “Collector Stealer.”

This malware uses the same algorithms designed to be undetected by most security tools and is embedded in a malicious Excel file in .xlsm format.

How the malware works

The “Panda Stealer” starts its malicious processes once the potential victim executes a series of so-called Powershell scripts in the infected document.

Once activated, it collects key crypto-related data, including private keys and records of past transactions completed through wallets of cryptocurrencies such as Dash, Litecoin, and Ethereum.

The stealer is not just limited to being able to catch digital asset-related data. Studies have shown that it can also steal credentials from Telegram, Nordvpn, and Discord.

Panda Stealer also has the ability to take screenshots from infected computers and capture data from browsers such as credit card information, making it a very serious threat.

Not the first of its kind

This isn’t the first time that a cyber threat of this kind has been discovered.

On Darknet forums, a cryptocurrency-related malware program known as “Westeal” has been heavily advertised recently as the leading way to make money in 2021.

The discovery of the malware and details of its exploits, and the potential damage it can cause raised alarms among the cybersecurity community. It has the ability to steal crypto, like bitcoin and ethereum. However, its malicious code can only work under a subscription model.


Image courtesy of Cointelegraph News/YouTube

Micky is a news site and does not provide trading, investing, or other financial advice. By using this website, you affirm that you have read and agree to abide by our Terms and Conditions.
Micky readers - you can get a 10% discount on trading fees on FTX and Binance when you sign up using the links above.