The DanaBot banking trojan is back, and has expanded beyond banking to compromise Web-based email servers.
Will LaSala, Director ,Security Solutions and Security Evangelist at OneSpan:
“Previously the DanaBot focused on mainly harvesting banking credentials by a similar means to the new threat, essentially by compromising the Bank’s Web Portal. It would steal usernames and passwords. The new functionality appears that they are focusing on just harvesting email addresses, from all sorts of different companies.
The change in direction of the DanaBot shows that attacks that started in banking are moving beyond banking. Attacks such as Marriot, British Airways and Newegg were for private information and on the black market, this private information is valuable. Private information helps criminals open new accounts and appear legitimate. The more private information that is stolen, the more difficult it will be for organizations to protect themselves from fraudulent accounts. In all, changes like this showcase the fact that all forms of internet communication need to be protected and companies should be vigilant in patching security holes as soon as they can.”