The New DanaBot Malware Is Now Targeting Banks in the US
Recently, security experts have observed DanaBot malware targeting banks located in the US. The malware was first discovered in May 2018, and at that time it was reported to target banks in Australia and Europe. According to a security report, this malware is a modular Trojan written in Delphi. The sole objective of the cyber criminals behind this malware is to make a profit by gathering victims' banking details. Research also reveals that the attackers behind this malware are continuously spreading it using different strategies. Social engineering techniques and spam email campaigns are the most commonly used distribution methods. Experts suspect that this campaign is run by the same attackers who were behind the infamous Panda banking Trojan.
The Customizable Modular Engine of DanaBot Malware
As stated in the research report, DanaBot malware incorporates a modular engine which allows cyber criminals to customize it according to the target. Because the malware does not display any specific signs and bypasses security software, it is not easy to detect. After establishing itself on the targeted system, the banking trojan initiates a series of malicious activities. First of all, it starts its data-gathering process, in which it harvests personal information from the compromised system. As revealed by security analysts, DanaBot malware may consist of three components, which are given below:
- The loader: This malware component downloads and loads the main payload.
- Main component: It downloads, configures and loads modules.
- Modules: They are known to process and execute various malware activities.
As already mentioned, the main action of DanaBot malware is to steal data from the infected system. According to reports, the banking trojan usually steals data in two groups, which are as follows:
- User identity of victims: In this part, the malware finds and separates strings that can expose the private details and identity of victims. Such information usually includes phone number, name, address, location, account details etc.
- Data to optimize attack: In this group, the cyber criminals behind this malware look for data which they can use to optimize further attacks. Such information usually includes operating system values, hardware components, regional settings and more.
The collected data is then transferred to another module, which is known as stealth protection. In this module, the malware scans running processes and installed applications on the victim's system to find any instances that may stop the trojan from executing.
DanaBot Malware Is Linked With CryptXXX Ransomware
DanaBot malware has been found to be related to CryptXXX Ransomware because both are controlled via the same command and control servers. Researchers are now tracking the campaigns that use this banking trojan. According to reports, almost nine different cyber criminals have been found distributing this malware. Experts advise against opening spam emails or clicking on links distributed on social media. You must update all your software, including antivirus, to protect your system from DanaBot and other dangerous threats.