Rio 2016: Zeus Panda Banking Trojan Arrives in Brazil | eWeek

Rio 2016: Zeus Panda Banking Trojan Arrives in Brazil

Zeus Panda banking trojan
Written By
Guest Author
Guest Author
Aug 8, 2016
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

By Steve McCaskill

A variant of the Zeus banking Trojan has arrived in Brazil just in time for the 2016 Olympic Games in Rio de Janeiro.

Experts at IBM X-Force Research say Zeus Panda is based on existing code and exhibits much of the same behavior as other Zeus types but has some modifications, mostly related to its encryption and communication schemes.

Zeus Panda has targeted Europe and North America since early 2016, targeting online payments, prepaid cards, betting accounts and other financial transactions.


Rio 2016 Zeus Panda

It arrived in Brazil in July, targeting local banks, law enforcement agencies and even supermarket chain delivery services. Researchers suspect a cyber-crime group at least partly located in the South American country is responsible.

Botnets spread the malware to infected machines, making use of exploit kits like Angler and Neutrino. A popular attack method is a malicious Microsoft Word document, but Zeus Panda has also targeted specific company email addresses with personalized messages.

Its favored fraud methodology is account takeover where credentials are stolen and used to initiate a transaction from another device. The victim is then held online by deceptive pop up windows that allow the attacker to complete the fraudulent attack in real time.


Targeting Brazil

“Panda’s move to Brazil is a very interesting occurrence in the country,” said IBM executive security advisor Limor Kessem. “Brazil’s cyber-crime landscape is dominated by relatively simplistic codes designed for specific fraud scenarios, such as Boleto fraud, remote access fraud and malware used for phishing.

“Zeus Panda may not be the first ever modular banking Trojan to operate in Brazil, but it is definitely a major step up from the malicious Delphi-based malcode that’s so typical in the country. This migration of a new and commercial Zeus variant into Brazil also underscores the growing collaboration between Brazil-based cyber-criminals and cyber-crime vendors from other countries and underground communities—a trend that has been picking up speed in Brazil since the beginning of this year.

“Judging by recent emerging campaigns observed by X-Force Research, Zeus Panda appears to be an active and evolving project that is being commercialized to cyber-criminals through Dark Web forums. As such, we expect to see more variations of this malware and new botnets appearing in the coming months, likely targeting different countries beyond those appearing in current configurations.”

Rio 2016 is a target for cyber-criminals, with recent research from Proofpoint suggesting there are 4,500 malicious apps on popular marketplaces attempting to capitalize on the Games, while 15 percent of social media accounts associated with the Olympics are fraudulent.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.