DanaBot is an ever-evolving and prevalent threat that has been in the wild since 2018. The malware has seen a resurgence in late 2021 after it was found several times in hijacked packages of NPM, a popular JavaScript software package manager for Node.JS.
Sold as a Malware-as-a-Service (MaaS) offering, DanaBot initially focused on banking fraud and information stealing. However, over the years it has matured in complexity and grown in functionality.
One such functional shift was seen in late October 2021, when an affiliate using the malware dropped via the hijacked NPM packages was involved in a distributed denial-of-service (DDoS) attack against a commercial organization based in Russia.
Read more here:
Credit: YouTube/BlackBerry
