silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
The covert banking Trojan DanaBot uncovered by Proofpoint in May 2018 when it began targeting Australia and Poland via malicious URLs has now moved to Europe, with new e-mail campaigns affecting Italy, Austria, Germany, and Ukraine.
According to an analysis made by ESET Research, the DanaBot banking Trojan written in Delphi has a modular structure easily expandable by the threat actors behind it via plug-ins.
Before moving to Europe, during the Australian-based campaigns, DanaBot came with four plug-ins. The VNC plug-in which would allow the attacker to connect to the victim's machine, while the stealer plug-in designed to automatically collect all passwords entered in a wide range of applications.
Furthermore, DanaBot's "Australian"-flavored release came with a sniffer plug-in that would inject malicious code within the websites visited by the target to steal sensitive information such as credentials and payment data, and a TOR plug-in that helped it connect to .onion sites.
According to an analysis made by ESET Research, the DanaBot banking Trojan written in Delphi has a modular structure easily expandable by the threat actors behind it via plug-ins.
Before moving to Europe, during the Australian-based campaigns, DanaBot came with four plug-ins. The VNC plug-in which would allow the attacker to connect to the victim's machine, while the stealer plug-in designed to automatically collect all passwords entered in a wide range of applications.
Furthermore, DanaBot's "Australian"-flavored release came with a sniffer plug-in that would inject malicious code within the websites visited by the target to steal sensitive information such as credentials and payment data, and a TOR plug-in that helped it connect to .onion sites.