DanaBot, one of the most recent cyberthreats to hit the banking industry, has developed a way to avoid detection on virtual machines as it shifts focus from Australia to Poland.
The malware’s upgraded capabilities mean that DanaBot will not run its executable within a virtual machine (VM) environment, making it even more difficult to detect with basic security tools, according to research from
IBM Trusteer.
DanaBot surfaced in May 2018, with
initial attacks involving Australian financial institutions that fell for a bogus invoice issued from a legitimate, local accounting software firm called MYOB. Like other financial cyberthreats, DanaBot can steal access to user accounts and remotely control devices to commit fraud. The most recent activity, however, shows the banking Trojan is now being aimed at Polish banks and cryptocurrency exchange platforms.
