
Pandemiya

Posted: November 24, 2015

Threat Metric

Threat Level: 9/10
Infected PCs: 5
First Seen: November 24, 2015
Last Seen: January 25, 2019
OS(es) Affected: Windows

Pandemiya is a spyware program used for collecting information from either random individuals or specialized targets, with advanced features for guaranteeing its persistence and compromising any local Web-browsing activity. Because Pandemiya is rented out to third parties, its distribution methods may include diverse delivery strategies, although malware analysts can only confirm Pandemiya being delivered through drive-by downloads via website-hosted exploit kits. Removing Pandemiya necessitates significant Registry changes and should be done through specialized anti-malware products when such are available.

The Newest Cyber-Spy Selling Itself at a High Price

The lucrative nature of spyware development isn't solely about collecting profitable information; it also may include reaping financial rewards from other con artists. Using the same 'for rent' business model as Zeus, Pandemiya is sold on a temporary usage basis for prices starting at over one thousand USD, and up to two thousand for its full, modular package. In addition to its baseline functions, Pandemiya may use easily added DLL modules to expand its feature set. Examples of these optional extras include a plugin for distributing Pandemiya on Facebook pages and one that compromises FTP accounts with the assistance of an iFrame infection.

However, Pandemiya has made major headlines for its core features, which have caused some sources to speculate that Pandemiya may supplant the highly popular, often-imitated Keylogger Zeus as the 'default' multi-purpose spyware of choice. Malware experts and other sources in the industry confirmed that Pandemiya's code, seemingly built up over a year of independent development, is not derived directly from Zeus, despite sharing identical goals in its attacks. Some of Pandemiya's most meaningful default characteristics include:

  • Pandemiya may auto-inject itself into every new process, including re-injecting itself as needed.
  • Pandemiya may encrypt its network communication to prevent its detection by common threat detection technology.
  • Pandemiya may inject compromised HTML into at least three separate brands of Web browsers. Pandemiya also may collect text-based form input from these same browsers. Common uses for these attacks include redirecting a victim to a fake bank login page and then gathering any information entered.

Taking the Pandemonium out of Dealing with Pandemiya

In addition to taking steps against being identified by security industry analysts or removed by its victims, Pandemiya also includes default features clearly meant to guard against unaffiliated third parties hijacking its components. The effort put into its self-preservation, along with its substantial, individualized development, makes it likely that Pandemiya's developers intend to make use of this spyware kit for months or even years to come. Social network users should be aware of common baiting tactics used to install Trojans, such as corrupted image links, although Pandemiya's distribution model could change with each new con artist renting its services.

Deleting Pandemiya requires significant changes to the Registry, including entries associated with Windows security features. Use your anti-malware products to make these changes and prevent Pandemiya from starting automatically. Then reboot your computer and launch an additional scan to remove Pandemiya's files, some of which have randomized file names. Pandemiya's timely deletion can prevent victims from suffering losses of bank account passwords and other equally sensitive data.

Technical Details

Registry Modifications

The following newly created Registry values are:

  • HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\Session Manager\AppCertDlls\"[RANDOM CHARACTERS]" = "%System%\[RANDOM CHARACTERS].dll"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS]" = "C:\Documents and Settings\All Users\Application Data\[RANDOM CHARACTERS].exe"
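
As an added example, not part of this write-up or the site's own tooling, the following PowerShell audit enumerates the two autostart locations listed above and reports each value's target file with its Authenticode status and SHA-256 hash, so a responder can review entries before removing anything. It assumes Windows PowerShell 5.1 or later in an elevated session; the "suspicious" heuristics and the modern ProgramData path are assumptions added here, not the site's detection logic.

```powershell
# Added audit script, not part of the original write-up. Lists the two autostart
# locations named above and reports each value's target so a responder can review
# them before deleting anything. Assumes Windows PowerShell 5.1+ in an elevated session.
# AppCertDlls is a persistence location: DLLs listed there are loaded into every
# process started through CreateProcess, matching the "inject into every new process"
# behaviour described earlier. "%System%" in the write-up is the site's placeholder
# for the Windows system directory, not a real environment variable.
$Locations = @(
    'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Legacy (XP-era) path from the write-up plus its modern equivalent (assumption).
$DataDirs = @('C:\Documents and Settings\All Users\Application Data', $env:ProgramData)

function Get-AutostartFinding {
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        $raw = [string]$key.GetValue($name)
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }
        # Expand real variables (e.g. %SystemRoot%), then strip surrounding quotes
        # and trailing command-line arguments to recover the file path.
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)
        $path = ($expanded -replace '^"([^"]+)".*$', '$1') -replace '\s+[-/].*$', ''
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'FileMissing' }
        $hash = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
        # Heuristics (assumptions, not the site's logic): an unsigned or missing target,
        # or an executable launched from the all-users data directory, warrants review.
        $inDataDir = $false
        foreach ($d in $DataDirs) { if ($d -and $path.StartsWith($d, 'OrdinalIgnoreCase')) { $inDataDir = $true } }
        [pscustomobject]@{
            Key        = $KeyPath
            ValueName  = $name
            Target     = $path
            Signature  = $sig
            SHA256     = $hash
            Suspicious = ($sig -ne 'Valid') -or $inDataDir
        }
    }
}

$findings = foreach ($loc in $Locations) { Get-AutostartFinding -KeyPath $loc }
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A legitimate AppCertDlls entry is rare on a workstation, so any unsigned DLL reported there deserves a closer look even when its name does not look random.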

Additional Information

The following URLs were detected:

  • [http://][REMOVED]/P4ND3M1CB00BF4C3/12[REMOVED]
  • [http://][REMOVED]/aWnBrokeQxPeKunljEDkm/biLwVtsypK[REMOVED]