Light Dark
September 12, 2018 By Shane Schick 2 min read

DanaBot, one of the most recent cyberthreats to hit the banking industry, has developed a way to avoid detection on virtual machines as it shifts focus from Australia to Poland.

The malware’s upgraded capabilities mean that DanaBot will not run its executable within a virtual machine (VM) environment, making it even more difficult to detect with basic security tools, according to research from IBM Trusteer.

DanaBot surfaced in May 2018, with initial attacks involving Australian financial institutions that fell for a bogus invoice issued from a legitimate, local accounting software firm called MYOB. Like other financial cyberthreats, DanaBot can steal access to user accounts and remotely control devices to commit fraud. The most recent activity, however, shows the banking Trojan is now being aimed at Polish banks and cryptocurrency exchange platforms.

Tracking DanaBot’s Evolution

Compared to Ramnit, TrickBot and other financial cyberthreats, DanaBot is still a relatively minor player. However, the anti-VM feature shows how quickly the malware is evolving into more sophisticated forms. Even before this adaptation, DanaBot was largely invisible to antivirus software, and researchers noted that more stealth updates are likely to come soon.

Perhaps more importantly, DanaBot is not a piece of privately owned code operated by a single group of cybercriminals. It is commercially available, which means the shift from Australia to Poland might be just the beginning if DanaBot draws interest from malicious actors targeting other parts of the world.

How to Fend Off Financial Cyberthreats

DanaBot uses malware spam to break into financial institutions, where employees may be too preoccupied to notice suspicious links or websites. There’s also a lot might not catch with the naked eye, including scripts, document object model data and other elements.

IBM experts suggest combining analytics with machine learning tools that can more readily detect phishing attempts, including image-based attacks that use screenshots of otherwise legitimate-looking bank websites coupled with online forms to steal usernames and passwords. As DanaBot rises through the ranks of financial cyberthreats, a cognitive approach to protecting endpoints is critical.

 |  |  |  | 
Shane Schick
Writer & Editor

More from

May 2, 2024

A spotlight on Akira ransomware from X-Force Incident Response and Threat Intelligence

7 min read - This article was made possible thanks to contributions from Aaron Gdanski.IBM X-Force Incident Response and Threat Intelligence teams have investigated several Akira ransomware attacks since this threat actor group emerged in March 2023. This blog will share X-Force’s unique perspective on Akira gained while observing the threat actors behind this ransomware, including commands used to deploy the ransomware, active exploitation of CVE-2023-20269 and analysis of the ransomware binary.The Akira ransomware group has gained notoriety in the current cybersecurity landscape, underscored…

May 1, 2024

New proposed federal data privacy law suggests big changes

3 min read - After years of work and unsuccessful attempts at legislation, a draft of a federal data privacy law was recently released. The United States House Committee on Energy and Commerce released the American Privacy Rights Act on April 7, 2024. Several issues stood in the way of passing legislation in the past, such as whether states could issue tougher rules and if individuals could sue companies for privacy violations. With the American Privacy Rights Act of 2024, the U.S. government established…

April 30, 2024

AI cybersecurity solutions detect ransomware in under 60 seconds

2 min read - Worried about ransomware? If so, it’s not surprising. According to the World Economic Forum, for large cyber losses (€1 million+), the number of cases in which data is exfiltrated is increasing, doubling from 40% in 2019 to almost 80% in 2022. And more recent activity is tracking even higher.Meanwhile, other dangers are appearing on the horizon. For example, the 2024 IBM X-Force Threat Intelligence Index states that threat group investment is increasingly focused on generative AI attack tools.Criminals have been…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature