21 September 18, 16:11
(This post was last modified: 21 September 18, 16:11 by silversurfer.)
Quote:The covert banking Trojan DanaBot uncovered by Proofpoint in May 2018 when it began targeting Australia and Poland via malicious URLs has now moved to Europe, with new e-mail campaigns affecting Italy, Austria, Germany, and Ukraine.
According to an analysis made by ESET Research, the DanaBot banking Trojan written in Delphi has a modular structure easily expandable by the threat actors behind it via plug-ins.
Before moving to Europe, during the Australian-based campaigns, DanaBot came with four plug-ins. The VNC plug-in which would allow the attacker to connect to the victim's machine, while the stealer plug-in designed to automatically collect all passwords entered in a wide range of applications.
Furthermore, DanaBot's "Australian"-flavored release came with a sniffer plug-in that would inject malicious code within the websites visited by the target to steal sensitive information such as credentials and payment data, and a TOR plug-in that helped it connect to .onion sites
Source: https://news.softpedia.com/news/danabot-...2842.shtml