DanaBot Malware Coming To You Via FTP
By: Jim Stickley and Tina Davis
August 21, 2018
Malware and phishing are indeed on the rise. On top of that, the malware and phishing schemes that are roaming around “out there” are changing and getting more sophisticated all the time. An example of this is a recent phishing attack that uses FTP links to get the DanaBot malware onto systems. Trustwave researchers recently observed this malware and its newly developed phishing attack.
Of course, the initial interaction starts with an email. Inside it is an FTP link to what the scammers say is an invoice. If the link is clicked, a small file called a dropper is downloaded and executed, and it then downloads the most current version of the DanaBot online banking trojan. DanaBot can allow the attacker to remotely control the infected computer, steal information from it, and send screenshots off to its command and control center for exploitation scams.
Always be on your toes when clicking any links or attachments received in email. They are so tricky these days, and the attackers make the messages nearly impossible to detect as phishing. The best way to avoid clicking malicious links is to verify them first. Place a quick phone call to the sender to make sure. In any case, if you are not expecting to receive these in an email message, just don’t click them at all. If you are not expecting to receive an invoice, and especially if you’ve never received one via an FTP link before, definitely don’t click it.
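For mail administrators, the same rule can be applied before a message reaches the inbox. The following is an added example, not code from this article or from Trustwave: it flags messages whose text or HTML links use the ftp:// scheme, and escalates when the subject or link also mentions an invoice. The lure keywords, verdict names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

LURE_WORDS = ("invoice", "payment", "statement")  # assumed lure keywords
FTP_RE = re.compile(r"ftp://[^\s\"'<>]+", re.IGNORECASE)

class HrefCollector(HTMLParser):
    """Collects href targets, so links hidden behind friendly text are seen."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def ftp_links(msg):
    """Return sorted FTP URLs found in the text and HTML parts of a message."""
    found = set()
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            collector = HrefCollector()
            collector.feed(part.get_content())
            candidates = collector.hrefs
        elif ctype == "text/plain":
            candidates = FTP_RE.findall(part.get_content())
        else:
            continue  # skip containers and non-text attachments
        found.update(u.strip() for u in candidates
                     if u.strip().lower().startswith("ftp://"))
    return sorted(found)

def assess(raw_message):
    """Return (verdict, links); verdict is quarantine, review or pass."""
    msg = message_from_string(raw_message, policy=default)
    links = ftp_links(msg)
    text = " ".join([msg["subject"] or ""] + links).lower()
    if links and any(word in text for word in LURE_WORDS):
        return "quarantine", links
    return ("review" if links else "pass"), links

# Constructed sample message (not taken from the campaign).
SAMPLE = ("From: billing@sender.example\nSubject: Your invoice is ready\n"
          "Content-Type: text/html; charset=utf-8\n\n"
          '<p><a href="FTP://files.example.invalid/docs/0821">View</a></p>\n')

if __name__ == "__main__":
    print(assess(SAMPLE))
```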
Of course, if the language is poorly used, the punctuation is out of place or incorrect, and the message just seems unprofessional, those should still be big “in your face” clues that the link may have something bad on the other end.
For the time being, DanaBot seems to be sticking to targets in Australia. However, you can bet it’s on its way around the globe very soon. And if it isn’t this malware, something else new and likely “improved” is already all around the world.