Saturday, September 7, 2024
HomeMalwareDanaBot Banking Trojan Steal Private and Sensitive Information

DanaBot Banking Trojan Steal Private and Sensitive Information

Published on

A new phishing email campaign targeting Australian customers with a fake standard MYOB-like HTML invoice template that contains FTP links pointed to compromised servers.

With this new campaign, attackers used FTP links instead of the usual HTTP links and most of the FTP sites linked with the Australian domains.

The FTP links points to a zip file that contains a JavaScript that downloads the final payload DanaBot malware.

- Advertisement - EHA

Trustwave researchers Fahim Abbasi and Diana Lopera spotted the phishing scam targeting Australian customers of MYOB.

Phishing Email Campaign

The phishing email campaign contains a fake MYOB invoice that asks customers to make payment and once the customer clicks on View Invoice it downloads the zip file from the compromised server.

The Download zip archive contains JavaScript (JS) downloader that requires users to execute it, once executed it launches a PowerShell command that downloads the final payload DanaBot multi-component banking Trojan.

Phishing Email Campaign

DanaBot Banking Trojan contains four modules dll – VNC, dll – Stealer, dll – Sniffer and dll – TOR that enables extract the sensitive details from customers, establishing a covert communication channel and to control a remote host via VNC.

According to Trustwave researchers “the infrastructure supporting the malware is designed to be flexible while the malware is designed to be modular with functionality spread across multiple components that are heavily encrypted.”

You can find the Analysis report and IoCs in Trustwave blog post.

Also Read

Hackers can Bypass Two-Factor Authentication with Phishing Attack

Facebook’s New Tool to Detect and Alert Website Owners About Phishing Attacks

Cyber Attack Prevention Checklist to Keep Your Business Safe & Secure From Hackers

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Researchers Unpacked AvNeutralizer EDR Killer Used By FIN7 Group

FIN7 (aka Carbon Spider, ELBRUS, Sangria Tempest) is a Russian APT group that is...

Lazarus Hackers Attacking Job-Seekers to Deliver Javascript Malware

The Lazarus Group is one of the most notorious hacker groups linked to the...