VERY IMPORTANT

Panda Banker is a banking trojan which uses a variant of the Zeus source code. First discovered in 2016 [1], this threat remains active and recently received numerous updates. Panda Banker injects malicious script code into a target's web page on the victim's browser by using man-in-the-browser techniques. The injected code grabs bank account, credit card, and personal information. Panda Banker has recently been delivered via Emotet. Panda Banker takes several steps to hide its behavior. Heavy code obfuscation and multi-encryption layering make it difficult to dissect this malware’s C2 communication and malicious scripting. Panda Banker primarily targets victims in the United States, Canada, and Japan. The malware focuses on bank account, credit card, and web wallet information.