DanaBot is a relatively new piece of malware that can be classified as a banking Trojan. It uses a sophisticated spam campaign to infect computers, and seems to target companies and businesses. While it may not appear as such at first sight, this Trojan is very dangerous as it aims to steal your financial information. Once the Trojan is fully inside, it will steal personal information, take screenshots of the system and send the information to a Command and Control server, where it will land in the hands of cyber crooks. Having personal and financial information stolen can have very serious consequences, so this kind of malware is best avoided.
Its entrance may go unnoticed by users as it shows no obvious signs of being on a computer. However, reliable anti-malware software should be able to detect the issue. If you’ve just installed anti-malware software and it’s detecting this Trojan, delete DanaBot immediately.
What does it do?
The Trojan is spread using sophisticated spam campaigns, where cyber crooks send out emails to users, pretending to be from legitimate companies. One campaign involves crooks pretending to be from the Australian software company MYOB and informing users that an invoice has been attached to the email. MYOB provides tax and accounting services, so it's not unusual for customers to get such emails. The emails look quite legitimate as well, using the same design MYOB uses. These kinds of campaigns are why it's recommended to scan email attachments with anti-malware software before opening them. No matter how legitimate they may look, they could always be disguised malware.
When you open the attachment, the Trojan launches and begins its activity. It will attempt to steal your personal and system information, take screenshots of your system and desktop, and make a list of the files on your hard disk. That information is then uploaded to a command and control (C&C) server. It would either be used by the crooks behind this Trojan or sold to other criminals.
You might not notice it operating, and that’s one of the reasons why Trojans are so dangerous.
Cybercriminals are targeting victims in companies and infecting them with sophisticated, multi-stage, multi-component and stealthy banking Trojans like DanaBot to steal their private and sensitive information. In this campaign, the attackers sent targeted phishing emails in the form of fake MYOB invoice messages, with invoice links pointing to compromised FTP servers hosting the DanaBot malware. The infrastructure supporting the malware is designed to be flexible, while the malware itself is designed to be modular, with functionality spread across multiple components that are heavily encrypted.
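Because the campaign described above delivered its invoice links over FTP rather than as ordinary web links, a mail filter can flag any message whose body links to an `ftp://` or `ftps://` host. The following is an added example, not code from the original article; the function name `ftp_links`, the sample message and all hosts in it are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_RE = re.compile(r"\b(?:https?|ftps?)://[^\s<>\"']+", re.I)

# Constructed sample message (addresses and hosts are made up).
SAMPLE = """\
From: billing@example.invalid
Subject: Your invoice is ready
Content-Type: text/html; charset="utf-8"

<p><a href="FTP://user:pw@files.example.invalid/invoices/inv_1.zip">View invoice</a></p>
<p>Questions? Visit https://portal.example.invalid/</p>
"""

class HrefCollector(HTMLParser):
    """Collects href values from anchor tags, so links hidden behind link text are seen."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def ftp_links(raw):
    """Return sorted (host, path) pairs for every FTP/FTPS link in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    urls = set()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_content()
            collector = HrefCollector()
            collector.feed(body)  # plain-text parts simply yield no anchors
            urls.update(collector.hrefs, URL_RE.findall(body))
    hits = set()
    for url in urls:
        try:
            p = urlsplit(url.strip())  # scheme and hostname come back lowercased
        except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
            continue
        if p.scheme in ("ftp", "ftps") and p.hostname:
            hits.add((p.hostname, p.path))
    return sorted(hits)

if __name__ == "__main__":
    print(ftp_links(SAMPLE))
```

A hit is a reason to quarantine or review the message, since legitimate invoice emails rarely link to FTP servers; it is not by itself proof of DanaBot.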