A new banking Trojan called Pandemiya has made its debut in underground black markets, and the modular malware is being touted as an alternative to the powerful Zeus Trojan that has plagued the Internet for years.
“Pandemiya is designed to enable a botmaster to spy on an infected computer – secretly stealing form data, login credentials and files from the victim, as well as taking snapshots of the victim’s computer screen,” wrote RSA’s Eli Marcus.
“This malware also allows the injection of fake pages into an internet browser in an effort to gather additional sensitive information from the victims themselves.”
Pandemiya’s developers are marketing the core application for $1500 USD, and also offer the core application with plugins providing additional functionality for $2000 USD.
What makes Pandemiya unique is that it does not employ any of the code from Zeus, which was leaked on underground forums several years ago, allowing multiple variants to be developed and deployed in campaigns aimed at data theft, login credential harvesting, and fraud.
Pandemiya is equipped with some advanced evasion capabilities, and its modular design makes it likely that new features will be added as development continues.
“Like many of the other Trojans we’ve seen of late, Pandemiya includes protective measures to encrypt the communication with the control panel, and prevent detection by automated network analyzers. An interesting aspect of the application is its modular design, which makes it quite easy to expand and add functionality,” Marcus said.
“The advent of a freshly coded new Trojan malware application is not too common in the underground. The design choice to make this malware modular and easy to expand upon with DLL plugins could make it more pervasive in the near future.”