Quote:A new sample of the DanaBot trojan spotted in a recent campaign reveals that operators behind the malware have now included a ransomware component into its code, along with new string encryption and communications protocols.
 
The update, wrote Check Point researchers on Thursday, represents a significant upgrade to the malware. However, the researchers also reported they have devised a possible way to recover files encrypted by the newly added DanaBot ransomware component.
 
“For almost a year, DanaBot has been extending its capabilities and evolving into a more sophisticated threat,” wrote Check Point researchers Yaroslav Harakhavik  and Aliaksandr Chailytko, in a breakdown of the malware’s latest components. “We assume its operators will continue to add more improvements.”

According to Check Point, recent DanaBot campaigns have migrated to Europe and are now dropping executable files containing ransomware written in the programming language Delphi. Additional capabilities include stealing browser credentials, running a local proxy to manipulate web traffic and initiating remote desktop control on targeted systems.