
Vicious Panda

Posted: March 12, 2020

Vicious Panda is an APT, or Advanced Persistent Threat, believed to be based in China and targeting nations such as Mongolia, along with other entities of interest to the Chinese government. Vicious Panda's campaigns specialize in espionage and rely heavily on psychological manipulation to gain access to targets, such as crafting fake Coronavirus help documents and websites. Users should avoid unofficial resources for such purposes and let their anti-malware products remove Vicious Panda's RATs and other software as appropriate.

The Panda Attack that Rides on a Global Epidemic

China-based threat actors are scarcely new to the threat landscape, as the Ke3chang APT's Okrum trojan, Axiom's Mdmbot, and other examples attest. Despite not being a geographic novelty, the formerly-anonymous Vicious Panda is making waves due to its use of sensitive health news information for its attacks. The threat actor is turning the spread of the Coronavirus into an advantage by providing informational resources – but with dangerous content hidden inside.

Vicious Panda uses either crafted e-mails or websites for circulating RTF documents containing information about Coronavirus or COVID-19, such as global distribution statistics or nationally-localized updates. Samples available to our malware researchers are custom-made for each victim's region, such as being in the Mongolian language for Mongolian businesses. However, they carry embedded exploits (built with RoyalRoad, a prominent, China-favored exploitation tool) that compromise the victim's PC when the document is opened.

Vicious Panda may trick users into sharing passwords or other information, such as by spoofing websites and services. They also may exploit the presence of malicious software that the documents drop, such as Remote Access Trojans, for the expected purposes – such as downloading other trojans, taking screenshots, or monitoring active services.

Soothing a Bear without Risking Your Computer

Although its COVID-19 campaign is occurring adjacent to another set of attacks that leverage the disease for panic (CoronaVirus Ransomware, a trojan partner to KPOT Stealer), Vicious Panda is a long-term APT. Further attacks by these attackers may not follow the same general scams as current ones, and their limited C&C activity makes their overall habits and goals difficult to analyze. Our malware experts, however, recommend taking standard protective steps against possibly dangerous documents, such as disabling macros, installing all security patches, and scanning files before launching them.
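As an illustration of what "scanning files before launching them" can look for in an RTF attachment, the following added example (not part of the original article, and not any vendor's scanner) statically checks a file for embedded OLE objects without opening it in a word processor. The function names and the sample document, including its object class, are constructed for this sketch, and the parser handles only un-nested `\objdata` groups.

```python
import re
import struct

OBJ_WORDS = (rb"\object", rb"\objemb", rb"\objocx", rb"\objdata")
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # compound-file signature

def objdata_blobs(rtf: bytes):
    """Decode the hex payload of each \\objdata group (un-nested groups only)."""
    for m in re.finditer(rb"\\objdata([^}]*)", rtf):
        text = re.sub(rb"\\[a-zA-Z]+-?\d* ?", b"", m.group(1))  # drop control words
        hexchars = re.sub(rb"[^0-9A-Fa-f]", b"", text)          # drop whitespace etc.
        hexchars = hexchars[: len(hexchars) & ~1]               # force even length
        if hexchars:
            yield bytes.fromhex(hexchars.decode("ascii"))

def ole1_class(blob: bytes):
    """Class name from an OLE 1.0 header: version, format id, length-prefixed string."""
    if len(blob) < 12:
        return None
    (n,) = struct.unpack_from("<I", blob, 8)
    if not 0 < n <= 64 or 12 + n > len(blob):
        return None
    return blob[12:12 + n].rstrip(b"\0").decode("latin-1")

def triage(data: bytes) -> dict:
    """Summarize embedded-object indicators found in a document's raw bytes."""
    blobs = list(objdata_blobs(data))
    report = {
        "is_rtf": data.lstrip().startswith(b"{\\rt"),
        "object_words": [w.decode() for w in OBJ_WORDS if w in data],
        "classes": [c for c in map(ole1_class, blobs) if c],
        "ole2": any(OLE2_MAGIC in b for b in blobs),
    }
    # An informational RTF has no need to carry embedded object data.
    report["suspicious"] = report["is_rtf"] and bool(blobs)
    return report

def constructed_sample() -> bytes:
    """Constructed, harmless RTF: an OLE 1.0 header plus signature bytes, no payload."""
    header = struct.pack("<III", 0x0501, 2, 11) + b"Equation.3\0"
    body = header + struct.pack("<III", 0, 0, 8) + OLE2_MAGIC
    return b"{\\rtf1{\\object\\objemb{\\*\\objdata " + body.hex().encode() + b"}}}"

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

A hit means the file should be handed to a sandbox or an analyst rather than opened; a clean result does not prove the document is safe, because obfuscated or nested object groups are outside what this sketch parses.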

Vicious Panda's current payloads show limited symptoms. Despite the low-key nature of all RATs and backdoor trojans, somewhat visible attacks may coincide with a Vicious Panda compromise. Users should stay alert for unexpected requests for information on their computer when the source is unverifiable and asks for highly sensitive data like passwords.

Anti-malware products with updated databases still have the best chances of removing Vicious Panda's trojans and related threats before any harm comes to your PC or the rest of its network, when applicable.

Plagues are as much social phenomena as they are biological ones. Vicious Panda is showing the threat landscape just how useful a good disaster can be to criminals who ride information right into places they don't belong.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Vicious Panda may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
