Panda Banker is a banking Trojan that steals online banking login credentials to gain unauthorized access to customers’ bank accounts and to banks’ critical infrastructure, causing serious financial damage. It was first reported in 2016.
Panda Banker uses a man-in-the-middle technique to inject malicious code into banking web pages. The injected code captures credit card details, bank account numbers and personal information. The malware hides its tracks behind multiple layers of encryption, making its C2 communication and scripting difficult to uncover.
The image below shows that between 12 and 14 March 2024 Panda Banker carried out three successful attacks on Kenyan banks.
Gerald Munyiri revealed that the incident at Equity Bank took place between 09 and 15 March 2024, based on an initial investigation carried out by the bank’s Risk Department.
In the early morning of 15 March 2024, the Risk Department detected anomalies in transactions coming from the bank’s Incoming MasterCard GL. On further investigation they realised that Ksh 179,677,736 had been paid out fraudulently from the GL to 551 Equity Bank accounts, with a further Ksh 63,023,983 sent to Mpesa accounts and Ksh 39,047,344 to another eleven commercial bank accounts.
How to Safeguard against Panda Banker Attack
Keep Enterprise Software Updated: Keep operating systems, applications and security software current by regularly patching the vulnerabilities that Panda Banker and malware with similar attributes could exploit.
Use Strong Antivirus: Install antivirus software with real-time scanning to detect and remove malware threats, including Panda Banker.
Exercise Caution with Email Links: Employees in the financial sector must be extremely cautious when clicking links or opening attachments from unknown sources, as these may be the delivery channel for the malware.
Implement Network Segmentation: Network segmentation limits the potential impact of a Panda Banker infection by preventing it from spreading across the entire enterprise infrastructure.
Implement Multi-Factor Authentication: Multi-factor authentication adds an extra layer of security to customers’ bank accounts and limits what Panda Banker can do with stolen login details.
Cyber Education: Develop and implement an employee cyber education program so that employees can identify phishing attempts, suspicious websites and other common techniques used by malware such as Panda Banker.
Monitor Network Traffic: Regularly monitor network traffic to detect any unusual activity.
Secure Remote Access: Remote access to critical infrastructure such as a bank’s systems must be tightly secured; only authorized staff should be granted access, and only through VPNs.
Back Up Data Regularly: Backups help a bank recover quickly from a breach and return services to customers within defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO), achieving business continuity.
Implement Security Policies: Develop and implement password policies that oblige customers and employees to use strong passwords.
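The anomaly the Risk Department spotted in the Incoming MasterCard GL, together with the advice to monitor for unusual activity, can be turned into a concrete control: a sliding-window check that flags a GL whose payouts fan out to too many distinct beneficiaries, or too much value, in a short time. This is an added example, not part of the original article or of any bank's systems; the GL names, thresholds and postings are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample GL postings (not real bank data):
# (timestamp, source GL, beneficiary account, amount in KES).
POSTINGS = [
    ("2024-03-14 22:00:00", "GL-MC-IN", "ACC-0900", 80000.0),   # ordinary settlement
    ("2024-03-14 23:10:00", "GL-FEES", "ACC-2001", 15000.0),
    ("2024-03-15 01:02:10", "GL-MC-IN", "ACC-1001", 100000.0),  # burst begins
    ("2024-03-15 01:03:05", "GL-MC-IN", "ACC-1002", 100000.0),
    ("2024-03-15 01:03:40", "GL-MC-IN", "ACC-1003", 100000.0),
    ("2024-03-15 01:04:12", "GL-MC-IN", "ACC-1001", 100000.0),  # repeat beneficiary
    ("2024-03-15 01:05:00", "GL-MC-IN", "ACC-1004", 100000.0),
    ("2024-03-15 01:05:30", "GL-MC-IN", "ACC-1005", 100000.0),
    ("2024-03-15 01:06:02", "GL-MC-IN", "ACC-1006", 100000.0),
    ("2024-03-15 01:07:15", "GL-MC-IN", "ACC-1007", 100000.0),
    ("2024-03-15 02:00:00", "GL-FEES", "ACC-2002", 15000.0),
]


def fan_out_alerts(records, window=timedelta(minutes=30),
                   max_beneficiaries=5, max_total=1_000_000.0):
    """Flag a source GL when, inside any sliding window, its payouts reach more
    than max_beneficiaries distinct accounts or exceed max_total in value.
    Thresholds are illustrative; a bank would tune them per GL from history."""
    by_gl = defaultdict(list)
    for ts, gl, ben, amt in records:
        by_gl[gl].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), ben, amt))
    alerts = []
    for gl, rows in by_gl.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            win = rows[start:end + 1]
            distinct = {ben for _, ben, _ in win}
            total = sum(amt for _, _, amt in win)
            if len(distinct) > max_beneficiaries or total > max_total:
                alerts.append({"gl": gl, "window_end": rows[end][0],
                               "beneficiaries": len(distinct), "total": total})
                break  # one alert per GL; the SOC can pull the full detail
    return alerts


if __name__ == "__main__":
    for alert in fan_out_alerts(POSTINGS):
        print(alert)
```

On the constructed data only GL-MC-IN is flagged, at the posting that brings it to six distinct beneficiaries within thirty minutes, while the repeat payout to ACC-1001 is counted once.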
Obase Mandi Manga is a Cyber Security Engineer at HackProof Hub, www.hackproofhub.au. Email: mandi@hackproofhub.au