Danabot Malware Resurfaced with Version 669

Source: Cyber Security News

Danabot has made a notable return as version 669 after being inactive due to law enforcement actions in May 2025. This advanced malware presents fresh challenges by targeting financial institutions and cryptocurrency users through multi-stage attacks that include spear-phishing campaigns and malicious documents.

Danabot’s sophistication shows in its use of various infection vectors and command-and-control (C2) methods. Security researchers from Zscaler ThreatLabz have analyzed the malware and uncovered shifts in its C2 infrastructure, which now uses both IP-based addresses and .onion domains to improve resilience and complicate mitigation efforts. Key addresses have been documented, showing how Danabot has evolved in delivering its payload and conducting data exfiltration. Its modular architecture allows for remote management and updates, which increases persistence and helps it evade detection.
