Banking Trojan Sends Spam Attacks Using Your Email Address

January 24, 2019

If your financial institution was included in the DanaBot Trojan’s target list, your email address may be causing trouble. Victims who got hooked by the DanaBot lure may have had their email addresses used by hackers to send out spam that catches other victims. The creators of the DanaBot Trojan recently updated the malware with the ability to gather email addresses from its victims’ contacts. This allows them to send countless spam emails to those contacts, including family and friends, using your good name as the sender. Recipients may be much more likely to click on attachments and links in emails from senders they know and trust. The spam is designed to take advantage of even more victims by stealing their data and infecting devices with malware. Once the DanaBot victim logs in to their email account, spam emails are instantly sent out.

Research by ESET shows the DanaBot Trojan’s scope goes beyond that of a typical banking Trojan. This Trojan regularly adds new hacking features, tests distribution options, and may be acting in concert with other cybercriminal gangs. Its attacks have been used worldwide, show no signs of slowing down, and are in fact improving with age. In particular, DanaBot’s email spam contains ZIP attachments with a decoy PDF file. It also contains a .VBS (Visual Basic Script) attachment full of malware specifically targeting Internet Explorer and Microsoft users. Should the VBS file be activated, even more malware is downloaded.
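For readers who run their own mail filtering, the attachment pattern described above (a ZIP with a decoy PDF, plus a .VBS script) can be checked for mechanically. The Python below is an added example, not code from ESET or from this article; the function names, the extra script extensions beyond .vbs, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .vbs is the type named in the article; the other extensions are an assumption.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")

def risky_attachments(raw_message: bytes) -> list[str]:
    """Return script files attached directly or packed inside ZIP attachments."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(SCRIPT_EXTS):
            findings.append(name)
        elif name.endswith(".zip") or data[:4] == b"PK\x03\x04":
            # Look inside the archive without extracting anything to disk.
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as archive:
                    for member in archive.namelist():
                        if member.lower().endswith(SCRIPT_EXTS):
                            findings.append(f"{name}!{member}")
            except zipfile.BadZipFile:
                findings.append(f"{name} (unreadable archive)")
    return findings

def build_sample() -> bytes:
    """Constructed test message: a ZIP with a decoy PDF and an inert .vbs placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("invoice.pdf", b"%PDF-1.4 constructed decoy")
        archive.writestr("invoice.vbs", b"' constructed placeholder, no code")
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_attachments(build_sample()))
```

A non-empty result is a reason to quarantine the message for review, even when the sender is someone the recipient knows.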

With email spam notorious for carrying malware infections of all types, basic email phishing defenses are more important than ever. Especially in the DanaBot case, recipients likely know and trust the sender, leading to even more victims. Below are some basic email spam protections, since you can assume much spam is sent by malicious actors.

- Know that even an email address from a friend can be hijacked by hackers. Hover your mouse over the sender address to confirm the sender or click the arrow next to the name. There is some way to see the entire address, depending on the way you access your email. If you don’t know how, ask someone or perform a quick internet search. Even though an email may appear to be from someone you know, never click on attachments or URLs before contacting the sender to make sure the email is legitimate and that attachments are safe.

- Never reply to a spam email. A reply or clicking on “unsubscribe” tells hackers you do exist. Doing so alerts them you may be a prime target for further hacks. If you reply to the message, it will go right back to the hackers who will then try to further convince you they are legit. One simple thing to remember: Don’t reply: Delete.

- Don’t forward any spam emails, ever. Spammers harvest the email addresses of anyone, even those on a “friends and family” email list. Involving your contacts in a spam attack, even unknowingly, is the wrong way to endear yourself to them.

Stickley on Security
Published January 22, 2019