03 October 18, 15:57
Quote:DanaBot is a modular Trojan written in Delphi that attempts to steal account credentials and information from online banking sites. It does this through a variety of methods such as taking screenshots of active screens, stealing form data, or logging keystrokes made on the computer. This stolen information is then collected and sent back to a central server, or command & control server, where it can then be accessed by the attackers.
When ProofPoint first discovered DanaBot, a single group was using it to target Australian banks. As time went on, other actors began using the banking Trojan to target other regions. As more campaigns are released using a different ID found in server communications, ProofPoint feels that DanaBot is being marketed as part of an affiliate system where actors can either share in the profits or rent the malware from the developer.
The North American campaign discovered by ProofPoint is being spread through malspam that pretends to be digital faxes from eFax. These emails state that the recipient received a fax and then prompts the user to download them.
Source: https://www.bleepingcomputer.com/news/se...in-the-us/