Date: 15/10/18
DanaBot has been targeting European Nations
Security experts at ESET have found a huge surge of activity in the DanaBot banking trojan, which has been targeting Poland, Italy, Germany and Austria. DanaBot was spotted earlier this year as a multi-stage banking trojan written in Delphi. The malware allows its operators to add new features simply by adding new plug-ins; some of these plug-ins were used in the previous attacks on Australian banks in May 2018.
What are the plugins?
- VNC plug-in – establishes a link to a victim’s computer and remotely commands it
- Sniffer plug-in – injects malicious scripts into a victim’s browser, regularly while the victim is visiting internet banking sites
- Stealer plug-in – harvests passwords from a wide variety of apps (browsers, FTP clients, VPN clients, chat and email programs, poker programs etc.)
- TOR plug-in – installs a TOR proxy and enables access to .onion websites
The threat has been under active development by the group, according to a report from security researchers at Proofpoint. While the banking trojan initially targeted Australia, its operators have expanded their operations to other nations, including Italy, Germany and Austria, as of September 2018.
Which nation was mainly targeted by DanaBot?
The attack that targeted Poland is still ongoing and is still sending out many spam messages that aim to compromise victims using the Brushaloader technique, which relies on a combination of PowerShell and VBS scripts.
The attackers have introduced several changes to the DanaBot plug-ins since the previously reported campaigns; for example, the Stealer plug-in has been compiled as a 64-bit version since August 25th 2018. The authors have also implemented RDP support using the open-source project called RDPWrap. The threat actors implemented the RDP plug-in because it is less likely to be blocked by a firewall.
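For defenders, the two behaviours described above (a VBS script host launching PowerShell, and RDPWrap being set up on a host) can be hunted for in endpoint telemetry. The following is an added example, not code from the article, ESET or Proofpoint: the pipe-separated event layout and the sample events are constructed, and the registry check assumes stock RDPWrap behaviour (repointing the TermService ServiceDll value away from termsrv.dll), which the article itself does not describe.

```python
# Constructed sample events (not from a real incident), in a hypothetical
# layout: "type|parent image|image or registry value|command line or data".
SAMPLE_EVENTS = [
    r"proc|C:\Windows\explorer.exe|C:\Windows\System32\wscript.exe|wscript.exe invoice.vbs",
    r"proc|C:\Windows\System32\wscript.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell -w hidden -enc <constructed>",
    r"proc|C:\Windows\explorer.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell Get-Date",
    r"reg|C:\Windows\System32\svchost.exe|HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters\ServiceDll|C:\Program Files\RDP Wrapper\rdpwrap.dll",
    r"reg|C:\Windows\System32\svchost.exe|HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters\ServiceDll|%SystemRoot%\System32\termsrv.dll",
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows hosts that run VBS
POWERSHELL = {"powershell.exe", "pwsh.exe"}
SERVICEDLL_VALUE = r"services\termservice\parameters\servicedll"
DEFAULT_DLL = r"system32\termsrv.dll"           # Windows default ServiceDll


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(line):
    """Return a finding name for one event line, or None if it is benign."""
    parts = line.split("|", 3)
    if len(parts) != 4:
        return None  # malformed line: ignore rather than crash
    kind, parent, target, details = parts
    if kind == "proc":
        # VBS script host spawning PowerShell (the script chain in the article)
        if basename(parent) in SCRIPT_HOSTS and basename(target) in POWERSHELL:
            return "script-host-spawned-powershell"
    elif kind == "reg":
        # Terminal Services DLL repointed away from the Windows default
        if (target.lower().endswith(SERVICEDLL_VALUE)
                and not details.lower().endswith(DEFAULT_DLL)):
            return "termservice-servicedll-changed"
    return None


def scan(lines):
    """Return (line number, finding) pairs for every suspicious event."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, finding) for n, finding in hits if finding]


if __name__ == "__main__":
    for number, finding in scan(SAMPLE_EVENTS):
        print(number, finding)
```

Either finding alone is a lead to triage rather than proof of DanaBot, since administrators also install RDPWrap and run PowerShell from scripts.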