DanaBot Malware Adds Spam to its Menu

Published: 23/11/2024   Category: security



A new generation of modular malware increases its value to criminals.



Malware authors adding to the capabilities of their malicious software is nothing new. But a recently discovered addition of spam-generation to a banking Trojan package demonstrates how criminals are adding email capabilities to increase ways to both distribute and monetize it.
DanaBot, the malware at the center of the new discovery by ESET and Proofpoint, was first described by Proofpoint researchers in May of this year. It was, at the time, a relatively simple banking Trojan spread by an actor known for purchasing malware from other authors.
But a new campaign has DanaBot distributing a malicious payload related to GootKit, an advanced banking Trojan. It's an example of a criminal actor bringing together modular malware from two criminal organizations that have, in the past, been known for working independently.
"This follows along with a trend that we're seeing it with the actors who, instead of distributing just a straight banking Trojan or ransomware, are distributing full-featured malware," says Christopher Dawson, threat intelligence lead at Proofpoint. "We're seeing lots more Remote Access Trojans being distributed. And you know a RAT being submitted by a financially motivated actor is kind of a big deal."
Dawson says that the financial motivation means that the authors of malware like DanaBot are going to try to maximize the return on their development investment, so they're likely to continue adding features.
DanaBot's new capabilities include harvesting email addresses from a victim's computer and using those addresses for spam messages that seek to spread the malware to systems both on the victim's network and to other, unrelated networks.
The growing trend to use modular design in malware makes it easier for threat actors to add capabilities to existing software for new campaigns. Describing the new DanaBot activity, ESET researchers wrote that "part of DanaBot's configuration has a structure we have previously seen in other malware families, for example Tinba or Zeus. This allows its developers to use similar webinject scripts or even reuse third-party scripts."
What to Do
So what does this shift mean for enterprise security teams? "It's really reinforcing that old message; layered security, robust backups, robust patching regimens. This is the same message over and over," Dawson says.
"While it's hard to maintain multiple systems, endpoint security, edge security, app security and everything else," he says, "it's just it is the nature of the beast that you've got to be able to catch malware at every step."
Dawson says the question of whether it's the work of a criminal organization or a nation-state actor ultimately makes little difference. "While nation-state actors get the bulk of the mass media press, the nature of the threat means that ultimately the victim has something that the attacker wants," he says. "But most of what we see is crimeware. These are financially motivated actors and they are just doing their best to monetize their efforts."