Danabot Banking Trojan Targets Banks in the United States

Over the past few months, banking Trojans have disseminated their global impact by almost 50 %.  The appropriate security measures adopted by banks to strengthen their processes have proven futile with the never-before seen tactics evolved by the developers to facilitate the theft of online funds.Banking Trojan
Banking Trojans continue to be a popular tool among cyber maniacs for stealing user’s banking details and draining bank accounts.
The discovery of Danabot, another Banking Trojan in a row is an evidence to establish the fact. With the widely- reported initial campaigns in Australia, this banking Trojan later expanded its reach to European countries particularly Austria, Poland, Italy, Germany, Ukraine, its latest target being United States.

 What is DanaBot?

DanaBot is a modular Banking Trojan, first discovered in malicious email campaigns targeting Australian population in May 2018. This malware is programmed in Delphi, an Integrated Development Environment (IDE) for rapid application development of Desktops, web, Mobile etc.Danabot Banking Trojan
The multi-stage and multi-component architecture of DanaBot gives it an edge over other Banking Trojans.
As other banking Trojans, DanaBot attempts to steal account credentials and other banking information of users from online banking sites. This functionality is implemented by a variety of methods like:
  • Logging Keystrokes made on the computer
  • Stealthily taking screenshots of active screens
  • Stealing data from banking forms
The collected information is shared with threat actors via C&C server (Command and Control server).

 DanaBot Multi- Stage Behavior

The multistage infection chain and modular architecture of DanaBot comprises of several components that include:
  • VNC (Virtual Network Computing) — connects and hijacks the infected system.
  • Sniffer — injects malicious scripts into the browser when user visits online banking websites
  • Stealer– Collect banking credentials and other information from a variety of applications like browsers, chats, emails, VPN clients etc.
  • TOR — uses a Tor proxy server to access .onion websites (anonymous hidden services
  • RDP — used to access Remote Desktop Protocol-based (RDP) machines;
All these plug-ins are used to create a covert communication channel between the attacker and a victim, and hence embezzle user of their hard earned money.

 Threat Behavior of the North American Campaign
Read Full Article:- Click here

Comments

Post a Comment

Popular posts from this blog

How to remove Speedtest-guide.com redirect from your system

Image
Guide to Remove Speedtest-guide.com redirect Speedtest-guide.com redirect is a nasty browser hijacker that changes the default browser settings such as home-page, search engine & new tab functionality. In addition to that, it displays annoying ads & causes infuriating redirects to dubious sites, thus deteriorating the web-browsing experience. This rogue browser redirector claims to be a free tool that can be used to test Internet speed & customize the web search. It also enables the users to keep a track of the previous tests & access speed boosting tips. While Speedtest-guide.com appears to be a useful & legit application, the users have reported of its questionable behavior. Firstly, to operate on a system, it requires modifying the browser settings without user’s permission. It does so to promote a fake search engine - Speedtest-guide.com. It causes unnecessary browser redirects & possesses the capability of tracking down user’s online
Read more

The novel DNS protocol helps Mozart Malware evade detection

Image
The nasty Mozart Malware has made a major comeback in the cyber-world. Yes, the devious malware known for infecting the Home Depot Inc, United States & breaching data is now using a novel DNS protocol to communicate with the remote hackers. This new DNS Protocol is also being used by Mozart Malware to remain under the radar of security solutions & other intrusion detection systems. Read on to know more about this backdoor malware. The First Attack of Mozart Malware Mozart malware made its first appearance in September 2014 after it hacked the Home Depot Inc., United States. According to the sources, this earlier unknown & unseen malware was specifically crafted to attack the Home Depot, the largest home development vendor in the United States. The word “Mozart” was observed in the software’s malicious code& it is suspected to have connections with the hacker’s system, the sources state. Read Full Article
Read more

How to remove ZUpdater.exe Trojan from your system?

Image
Guide to Remove ZUpdater.exe Trojan - ZUpdater.exe Trojan is a nasty threat to the Windows OS based devices. It uses the infected system’s resources to generate illicit crypto currency without the user’s permission or knowledge. Software Bundling & Free Programs are the prime methods used by ZUpdater.exe Trojan to proliferate its infection. Some of the free downloads offered on the internet do not reveal if other software is being installed in the background. Thus, they easily make their way into the system without user’s consent. Once ZUpdater.exe virus is installed, it consumes over 90% of the CPU’s power & graphics card power of the targeted system. This way, it makes the system extremely sluggish & deteriorates the performance of the PC. According to cyber-security analysts, while the system is running slow, hackers use computer’s resources to generate illicit revenue for themselves. Victims from around the world are looking for ways to remove
Read more