2018 has seen a marked shift away from high-volume, immediately destructive ransomware campaigns to distribution of banking Trojans, information stealers, and downloaders. Banking Trojans now make up almost 60% of malicious payloads we observe in email. Now a new banking Trojan has emerged, adding to the growing diversity of this segment specifically and malicious email campaigns in general.
Proofpoint researchers discovered a new banking Trojan, dubbed “DanaBot”, targeting users in Australia via emails containing malicious URLs. Written in Delphi, the malware is still under active development. To date, we have only observed it in use by a single threat actor. However, it remains to be seen if distribution and use becomes more widespread given that the actor is known for purchasing banking Trojans from other developers and operators. We also found additional samples in malware repositories other than those we observed in the wild, potentially suggesting distribution by other actors.
Powered by WPeMatico