NEWS Spy and Thief in One EXE: DanaBot Developers Caught by Their Own Logs

ExcalibuR


One malware led from banks to diplomats—and from profits to indictments.

In the U.S., 16 individuals have been charged in connection with DanaBot, one of the most persistent and widespread infostealer platforms since its emergence in 2018. According to the FBI, the malware’s second version was used not just for data theft but also cyber espionage—and ironically, many suspects incriminated themselves by infecting their own devices, leaving behind digital trails.


DanaBot’s Criminal Empire

  • Malware-as-a-Service (MaaS): Sold to affiliates for $3,000–$4,000/month, DanaBot specialized in credential theft and banking fraud. By 2022, it had over 40 paying clients.
  • Global Reach: Infected 300,000+ devices worldwide, causing $50+ million in damages.
  • Key Figures: The scheme was allegedly orchestrated by "JimmBee" and "Onix" (an IT engineer who operated under the alias "Maffiozi" online).

From Financial Crime to Cyber Espionage

  1. Phase 1 (2018–2020): Focused on financial fraud, targeting banks and individuals.
  2. Phase 2 (2021–2022): Evolved into a spy tool, compromising:
    • Government agencies (U.S., UK, Germany, Belarus)
    • Diplomatic entities (intercepted embassy communications, financial records)
    • NGOs (stolen files included U.S. diplomatic correspondence)

The FBI noted that a modified espionage variant was used to exfiltrate sensitive state-level discussions, including resumes of diplomatic talks.


How They Got Caught: Operational Blunders

  • Self-Infection: Some developers accidentally infected their own machines, leaving logs on seized servers.
  • Server Takedowns: In 2022, the FBI confiscated DanaBot’s C2 servers and data caches—discovering the criminals’ personal files mixed with stolen data.
  • Microsoft Parallel Action: The indictments followed Microsoft’s takedown of Lumma Stealer, another subscription-based malware (priced at $250–$1,000/month). Microsoft also seized 2,300+ domains tied to the operation.

Key Takeaways

  • No One’s Untraceable: Even cybercriminals slip up—DanaBot’s creators were undone by their own malware.
  • Espionage Escalation: Infostealers are now state-level threats, targeting diplomats and governments.
  • Global Collaboration: Takedowns required FBI, DoJ, and tech firms working in unison.

Quote from U.S. DoJ:
"DanaBot wasn’t just stealing money—it was stealing secrets. And its architects forgot to cover their own tracks."