This trojan horse targets online banking customers
Antivirus software provider ESET, which shortly before drew attention to the increasing cyber fraud attempts against mobile banking customers in Turkey, has this time detected a trojan horse targeting online banking customers in Europe. The malware, to which cybercriminals add modules depending on need, has appeared in Poland, Italy, Germany, Austria and Ukraine. This Trojan horse, called DanaBot, seeks to gain financial information by taking control of the devices.
According to ESET researchers, DanaBot, a modular banking Trojan, was originally discovered in May 2018 in malicious email attacks targeting Australian users. However, as of September 2018, the malware emerged intensively in Europe, in Poland, Italy, Germany, Austria and Ukraine, thus expanding its scope of activity.
The DanaBot Trojan horse has a multi-stage and multi-component architecture. Most of its features are implemented by plug-ins. At the time of its discovery the malware was under active development, and experts point out that this development still continues.
Only two weeks after the initial attack reported in Australia, DanaBot was detected in a wave of attacks targeting Poland. The attackers behind the Polish attack use e-mails that contain fake invoices, made to look as if they were sent from various companies, to compromise their victims.
Its biggest feature is its modularity
Given its modular architecture, DanaBot needs plug-ins for most of its features. According to ESET researchers, the malware can change its area of use according to need. The plug-ins ESET experts have identified include:
VNC plugin – Connects to the victim’s computer and controls it remotely.
Sniffer plugin – Injects malicious scripts into the victim’s browser, usually when the victim visits internet banking sites.
Stealer plugin – Collects password information from many different applications (browsers, FTP clients, VPN clients, instant messaging and e-mail programs, poker programs, etc.).
TOR plugin – Provides access to .onion websites by installing a TOR proxy.
They aim to expand their reach with a modular architecture
The findings of the ESET researchers show that DanaBot is still being actively used and developed and is trying to find new targets among European countries. New features seen in recent waves of attacks focusing on European countries show that the attackers behind DanaBot are trying to increase their impact and success rates using the malware’s modular architecture. ESET software detects and blocks all DanaBot components and add-ons.