VERY IMPORTANT

The infostealer Danabot has been disrupted in a multinational law enforcement operation. ESET has been tracking Danabot since 2018, contributing to the effort by providing technical analyses and identifying C&C servers. Danabot operates as a malware-as-a-service, offering various features like data theft, keylogging, and remote control. It has been used to distribute additional malware, including ransomware. The malware's authors promote their toolset through underground forums, providing affiliates with an administration panel, backconnect tool, and proxy server application. Distribution methods have included email spam, other malware, and misuse of Google Ads. Danabot employs a proprietary encrypted communication protocol and offers multiple build options for affiliates.