Despite a coordinated international takedown earlier this year, the DanaBot malware has returned with a newly upgraded version, signaling yet another resurgence of a threat that has repeatedly evaded permanent shutdown. The fresh discovery comes roughly six months after law enforcement agencies crippled the malware’s network during Operation Endgame, a global effort that announced infrastructure seizures and criminal indictments in May. Researchers at Zscaler ThreatLabz now report that DanaBot is once again circulating in attacks, with a rebuilt architecture designed for persistence and continued financial gain.
The latest version, identified as DanaBot 669, introduces a command-and-control system based on Tor hidden services and “backconnect” nodes. By routing malicious communication through .onion domains, the operators create a layer of anonymity that makes tracking and disruption significantly more difficult. Zscaler’s analysis also uncovered several active cryptocurrency wallet addresses linked to the campaign, spanning Bitcoin, Ethereum, Litecoin, and TRON, which the attackers are using to collect stolen funds from victims.
DanaBot first emerged several years ago when researchers at Proofpoint revealed it as a Delphi-written banking trojan delivered largely through phishing emails and malvertising lures. Its creators adopted a malware-as-a-service model, renting out access to cybercriminal groups who used it to harvest credentials from online banking sessions. Over time, the malware evolved into a modular system
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: