Security researchers recently discovered a banking trojan named DanaBot (detected by Trend Micro as TROJ_BANLOAD.THFOAAH) being distributed to European countries via spam emails. Here’s what you need to know about this threat, how users and businesses can defend against it, and how managed detection and response can help address this threat.
What is DanaBot?
DanaBot is a banking trojan, written in Delphi programming language, capable of stealing credentials and hijacking infected systems. It is distributed via spam emails masquerading as invoices with malicious attachment that, when executed, abuses PowerShell — a legitimate system administration tool — and Visual Basic scripts (VBScript) called BrushaLoader to retrieve and execute its modules.
Source: Trend Micro