{ "id": "6a80aa0e-298a-483a-92a6-bb183e50ebcb", "created_at": "2026-04-06T00:08:26.111278Z", "updated_at": "2026-04-10T03:30:33.871024Z", "deleted_at": null, "sha1_hash": "805d32a8ba91aebe96a4d157542314a5757f042c", "title": "Banking Trojan Zeus Panda shambles into Brazil ahead of Olympics", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 35667, "plain_text": "Banking Trojan Zeus Panda shambles into Brazil ahead of\r\nOlympics\r\nBy Devin Coldewey\r\nPublished: 2016-08-04 · Archived: 2026-04-05 20:44:59 UTC\r\n11:38 AM PDT · August 4, 2016\r\nIt seems there’s no limit to the perils being faced by athletes at the Rio 2016 Olympics: not just their competitors,\r\nbut toxic water, poor accommodations and impressive mobile bills. Add malicious pandas to the menu — virtual\r\nones, at least. A nasty Trojan known as Zeus Panda has made its way to the Olympic host just in time for an influx\r\nof visitors.\r\nIBM’s X-Force Research discovered that the Trojan, a variant of the Zeus variety that’s been kicking around for\r\nthe last few years, had spread to Brazil in July. Zeus and its relatives — the pantheon, if you will — target\r\ntransactions such as online banking logins, payment portals and bitcoin exchanges. Basically anywhere they can\r\nslip in and steal a login with the power to approve more such transactions.\r\nThe specifics of this Panda variant are discussed here by Arbor Networks. It seems to be largely the same as\r\nprevious malware in this lineage, albeit modified to frustrate the latest detection packages and target Brazilian\r\nbanks and services specifically.\r\nDeployment appears to be done professionally, as well — the Trojan is likely being sold in the usual nooks of the\r\nDark Net where such sundries are found. So far the preferred delivery mechanism has been Word docs with\r\nembedded code that activates the malware, but other vectors are of course in play, as well. One-time passwords for\r\ntwo-factor authentication are acquired via a fraudulent 2FA pop-up that forwards that data on to the hackers.\r\nIBM notes that the software behind Zeus Panda isn’t particularly new, nor is the cybercrime scene in Brazil\r\nparticularly advanced — so Panda may be as a wolf (or rather bear) among lambs.\r\nYou can avoid Trojans like this by not opening strange attachments or following suspicious links, but it can also\r\nbe addressed at a systematic level by the banks being targeted. The methodology of this malicious software is well\r\nunderstood, but it takes vigilance (and savvy IT) to keep it at bay.\r\nTopics\r\nDevin Coldewey is a Seattle-based writer and photographer.\r\nHis personal website is coldewey.cc.\r\nView Bio\r\nhttps://techcrunch.com/2016/08/04/banking-trojan-zeus-panda-shambles-into-brazil-ahead-of-olympics/\r\nPage 1 of 2\n\nSource: https://techcrunch.com/2016/08/04/banking-trojan-zeus-panda-shambles-into-brazil-ahead-of-olympics/\r\nhttps://techcrunch.com/2016/08/04/banking-trojan-zeus-panda-shambles-into-brazil-ahead-of-olympics/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://techcrunch.com/2016/08/04/banking-trojan-zeus-panda-shambles-into-brazil-ahead-of-olympics/" ], "report_names": [ "banking-trojan-zeus-panda-shambles-into-brazil-ahead-of-olympics" ], "threat_actors": [ { "id": "75108fc1-7f6a-450e-b024-10284f3f62bb", "created_at": "2024-11-01T02:00:52.756877Z", "updated_at": "2026-04-10T02:00:05.273746Z", "deleted_at": null, "main_name": "Play", "aliases": null, "source_name": "MITRE:Play", "tools": [ "Nltest", "AdFind", "PsExec", "Wevtutil", "Cobalt Strike", "Playcrypt", "Mimikatz" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434106, "ts_updated_at": 1775791833, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/805d32a8ba91aebe96a4d157542314a5757f042c.pdf", "text": "https://archive.orkl.eu/805d32a8ba91aebe96a4d157542314a5757f042c.txt", "img": "https://archive.orkl.eu/805d32a8ba91aebe96a4d157542314a5757f042c.jpg" } }