A dangerous strain of malware has re-emerged, using a distribution method that tricks users into downloading malicious software disguised as VPNs, antivirus programs, or online games.
The malware, DanaBot, was regularly used by threat actors between May 2018 and June 2020, before seemingly going on hiatus.
DanaBot is now being distributed by websites offering pirated or cracked versions of various software products. The trojan is capable of stealing an individual’s online banking credentials.
“For almost two years, DanaBot was one of the top banking malware being used in the crimeware threat landscape,” Proofpoint researchers explained.
“Multiple threat actors have been distributing and using it to target financials in several countries. In the middle of 2020, DanaBot activity dropped off. Some of the affiliates that have been using it have continued their campaigns using other banking malware (e.g. Ursnif and Zloader). It is unclear whether COVID-19, competition from other banking malware, redevelopment time, or something else caused the dip, but it looks like DanaBot is back and trying to regain its foothold in the threat landscape.”
The DanaBot malware works by hiding two stealer components inside the software key of pirated applications. The first software key is used to collect browser details, system information, and cryptocurrency wallets from the victim, while the second is used to install a cryptocurrency miner.
It is likely that the use of DanaBot will increase now that the malware has returned to the threat landscape. In particular, the crypto mining feature included in the latest variant of DanaBot may signal that future attacks will be more focused on the cryptocurrency space.
With DanaBot’s return, users should be even more careful to download software only from trusted sources. It is not unusual for malware to be secretly bundled with pirated material.