DanaBot malware is back to infecting Windows after 6-month break www.bleepingcomputer.com/news/secu…
The DanaBot malware has returned with a new version observed in attacks, six months after law enforcement’s Operation Endgame disrupted its activity in May.
According to security researchers at Zscaler ThreatLabz, there is a new variant of DanaBot, version 669, that has a command-and-control (C2) infrastructure using Tor domains (.onion) and “backconnect” nodes.
Zscaler also identified and listed several cryptocurrency addresses that threat actors are using to receive stolen funds, in BTC, ETH, LTC, and TRX.