DanaBot Banking Malware Set Against US Banks

Security researchers at Proofpoint recently uncovered new DanaBot campaigns. The malware has been adopted by threat actors targeting Europe and North America. Previous targets included Australian organizations. Currently, DanaBot is set against financial organizations in the United States.

DanaBot campaigns have also been detected by ESET researchers against countries such as Poland, Italy, Germany, and Austria. At the end of September, a threat actor that typically targets the United States with daily campaigns distributing the Panda banking Trojan switched to delivering DanaBot for a day, Proofpoint revealed.

On September 26, Proofpoint researchers observed a campaign with hundreds of thousands of email messages targeting US recipients. The emails used an eFax lure and contained a URL linking to the download of a document containing malicious macros. The macros, if enabled by the user, executed the embedded Hancitor malware, which, in turn, received tasks to download two versions of Pony stealer and the DanaBot banking malware.

More about DanaBot

The DanaBot Trojan was first detected in May 2018. Samples apparently continue to be spread to users worldwide, and attackers use various strategies to distribute it.

One of the primary distribution techniques has been spam email. The messages rely on social engineering, borrowing design elements from well-known companies, which can lead users to believe they have received a legitimate notification or a password reset link. Upon interacting with these elements, users may download and execute the DanaBot Trojan file directly or be prompted to follow “instructions” that ultimately lead to its installation.

DanaBot has been found to contain a modular engine that can be customized according to the intended targets. It follows a multi-stage infection pattern that begins with the initial infection. A series of scripts are

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/danabot-banking-malware-us-banks/