DanaBot malware has reemerged with a new version, six months after law enforcement efforts disrupted its operations. The cybercriminals behind DanaBot continue to adapt, using Tor domains and cryptocurrency addresses to facilitate illegal activities. #DanaBot #OperationEndgame
Key points
- DanaBot is a banking Trojan that has resurfaced after a six-month hiatus.
- The latest variant employs Tor (.onion) domains and backconnect nodes for command-and-control infrastructure.
- Law enforcement's Operation Endgame significantly disrupted DanaBot in May, but the malware has rebuilt its infrastructure.
- The malware is distributed via malicious emails, SEO poisoning, and malvertising, sometimes leading to ransomware infections.
- Organizations should update their security tools and block new IoCs to defend against the resurging threat.