DanaBot, one of the most recent cyberthreats to hit the banking industry, has developed a way to avoid detection on virtual machines as it shifts focus from Australia to Poland.
The malware’s upgraded capabilities mean that DanaBot won’t run its executable in a virtual machine (VM) environment, making it even harder to detect with basic security tools, according to analysis from SCS.
DanaBot surfaced in May 2018, with initial attacks involving Australian financial institutions that fell for a fake invoice issued from a legitimate, local accounting software firm known as MYOB. Like other financial cyberthreats, DanaBot can steal access to user accounts and remotely control devices to commit fraud. The most recent activity, however, shows the banking Trojan is now being aimed at Polish banks and cryptocurrency exchange platforms.
Tracking DanaBot’s Evolution
Compared to Ramnit, TrickBot and other financial cyberthreats, DanaBot is still a relatively minor player. However, the anti-VM feature shows how quickly the malware is evolving into more sophisticated forms. Even before this adaptation, DanaBot was largely invisible to antivirus software, and researchers noted that more stealth updates are likely to come soon.
Perhaps more importantly, DanaBot is not a piece of privately owned code operated by a single group of cybercriminals. It is commercially available, which means the shift from Australia to Poland might be just the beginning if DanaBot draws interest from malicious actors targeting other parts of the world.
How to Fend Off Financial Cyberthreats
DanaBot uses malware spam to break into financial institutions, where workers may be too preoccupied to notice suspicious links or websites. There’s also a lot they won’t catch with the naked eye, including scripts, document object model (DOM) information and other elements.
SCS consultants recommend combining analytics with machine learning tools that can more readily detect phishing attempts, including image-based attacks that use screenshots of otherwise legitimate-looking bank websites plus online forms to steal usernames and passwords. As DanaBot rises through the ranks of financial cyberthreats, a cognitive approach to protecting endpoints is crucial.