"Malvertising Attacks Rely on DanaBot Trojan to Spread CACTUS Ransomware"

Microsoft discovered ongoing malvertising attacks involving the use of the DanaBot Trojan to spread CACTUS ransomware. Microsoft linked the campaign to Storm-0216, also known as Twisted Spider and UNC2198. Storm-0216 previously used Qakbot malware for initial access, but after the Qakbot infrastructure was taken down, it switched to other malware. The current DanaBot campaign was discovered in November, when Microsoft researchers found that the threat actors were using a private version of the popular info-stealing malware rather than the Malware-as-a-Service (MaaS) offering. DanaBot is a Delphi-based multi-stage modular banking Trojan that first appeared in 2018. This article continues to discuss findings regarding the malvertising attacks spreading CACTUS ransomware using the DanaBot Trojan.

Security Affairs reports "Malvertising Attacks Rely on DanaBot Trojan to Spread CACTUS Ransomware"

Submitted by grigby1

Submitted by Gregory Rigby on