
DanaBot’s Comeback: A New Variant Threatens Windows PCs

by | Jan 13, 2026 | cryptocurrency wallets, DanaBot, malware-as-a-service, Ophtek, Phishing Email, version 669, Windows

 

DanaBot malware is, yet again, infecting Windows machines just six months after a major law-enforcement takedown.

Security researchers have discovered a fresh wave of DanaBot attacks which have been targeting Windows PCs. This sudden resurgence in activity comes despite the impact of Operation Endgame, an international law-enforcement operation which threw a major spanner into the works of the malware in May. Zscaler ThreatLabz, the team behind this discovery, has revealed that a new version of the malware is now active. This means that the threat actors behind it swiftly rebuilt their malware to continue their operations.

How DanaBot Made its Comeback

The latest DanaBot variant, often referred to as version 669, is more than just a simple update. Instead, this new build includes a completely restructured command-and-control system – this is the backbone of the attack, which enables the cybercriminals to take complete control of infected systems. Previously, DanaBot relied on a standard set of servers to direct its operations. Now, though, the attackers are using a mixture of standard IP-based servers alongside Tor-based domains which are hidden and encrypted. This makes them highly challenging to trace or block.

There’s also credible evidence that DanaBot is allowing its attackers to move stolen funds and payments through cryptocurrency wallets. To cover their tracks effectively and keep their identity concealed, the hackers are taking advantage of wallets which span multiple digital currencies.

DanaBot itself is marketed as a malware-as-a-service option, meaning that it’s rented out to other criminals by the hacking group behind its design. This, again, makes DanaBot difficult to trace. It’s also being used by multiple parties with different aims and methods, located in different geographical regions. DanaBot has the potential to harvest data, install additional malware, and launch ransomware campaigns. Therefore, a DanaBot infection can quickly lead to multiple threats being launched on a single system.

The routes that DanaBot is using to spread its malicious payload are also far from straightforward. Multiple distribution methods have been identified, such as phishing emails, fake software installers, malvertising, and poisoned search engine results. And, of course, there’s every chance that DanaBot could quickly evolve again to stop people second-guessing its techniques.

Protecting Your PCs From the Threat of DanaBot

The multi-pronged approach from DanaBot means you need to be on your guard against its malicious threat. The good news is that Ophtek can make life easier for you. Follow our advice below and you should keep your systems free of DanaBot:

  • Always Update: If you want your networks to remain secure, you need to prioritize updates. These are particularly crucial for antivirus and anti-malware tools, as they ensure you’re protected against the latest threats. However, any update for any piece of software is just as crucial, as updates reduce the risk of vulnerabilities being exploited on your PC.
  • Carry Out Regular Backups: Using multiple backup locations – such as the cloud and external drives – is essential if you want to preserve your data and maintain business continuity. If, for example, a DanaBot infection led to ransomware being unleashed on your systems, it would be paramount that you had your data securely backed up.

For more ways to secure and optimize your business technology, contact your local IT professionals.