silversurfer

The covert banking Trojan DanaBot, uncovered by Proofpoint in May 2018 when it began targeting Australia and Poland via malicious URLs, has now moved to Europe, with new e-mail campaigns affecting Italy, Austria, Germany, and Ukraine.

According to an analysis made by ESET Research, the DanaBot banking Trojan, written in Delphi, has a modular structure easily expandable by the threat actors behind it via plug-ins.

Before moving to Europe, during the Australian-based campaigns, DanaBot came with four plug-ins. The VNC plug-in would allow the attacker to connect to the victim's machine, while the stealer plug-in was designed to automatically collect all passwords entered in a wide range of applications.

Furthermore, DanaBot's "Australian"-flavored release came with a sniffer plug-in that would inject malicious code within the websites visited by the target to steal sensitive information such as credentials and payment data, and a TOR plug-in that helped it connect to .onion sites.