Malware News DanaBot Banking Trojan Moves to Europe, Adds RDP and 64-bit Support

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
The covert banking Trojan DanaBot uncovered by Proofpoint in May 2018 when it began targeting Australia and Poland via malicious URLs has now moved to Europe, with new e-mail campaigns affecting Italy, Austria, Germany, and Ukraine.

According to an analysis made by ESET Research, the DanaBot banking Trojan written in Delphi has a modular structure easily expandable by the threat actors behind it via plug-ins.

Before moving to Europe, during the Australian-based campaigns, DanaBot came with four plug-ins. The VNC plug-in which would allow the attacker to connect to the victim's machine, while the stealer plug-in designed to automatically collect all passwords entered in a wide range of applications.

Furthermore, DanaBot's "Australian"-flavored release came with a sniffer plug-in that would inject malicious code within the websites visited by the target to steal sensitive information such as credentials and payment data, and a TOR plug-in that helped it connect to .onion sites.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top