DanaBot: the New Threat Behind a VPN

VPN programs are used by users to encrypt the connection, hide the IP address and also to be able to access content that may be geographically restricted. There are many options available for both mobile devices and desktops. In this article we echo a new threat that hides behind VPN programs , as well as other types of software.

New malware hides behind the VPN

This is DanaBot , a threat that they have found present in certain free VPN programs and also in antivirus software and other programs that we can find for free or pirated on the Internet.

DanaBot: the New Threat Behind a VPN

It was a discovery by Proofpoint researchers. They have found a new strain of the DanaBot malware. It is distributed using pirated software keys. The user is tricked into downloading infected software disguised as antivirus programs, free VPNs, and online games.

According to this group of researchers, it is mainly distributed through websites that offer this type of free or pirated programs. This software downloaded by users carries the DanaBot threat hidden. An important problem, since precisely the VPN tools serve to improve security and make connections more reliable.

It should be noted that DanaBot is not a new malware , since it was discovered for the first time in 2019. We are facing a new strain of this threat that can put the safety of users at risk. In recent years, moreover, it has evolved and has become one of the most important banking Trojans.

Last October it was updated to a new version in order to reach more victims. It is expected that in the coming months it will be used in numerous campaigns of Phishing attacks to steal passwords and credentials.

One of the novelties of this new version is that it can go unnoticed by security tools. It could stay in the shade without being detected. They have even perfected the techniques for stealing cryptocurrencies, something that has been on the rise again in recent times.

Qué es el malware wiper

How DanaBot Spread

The way DanaBot can infect users is not that different from other similar threats. It is necessary for the victim to download and run a file , which in this case would be the key to the software they are installing. The malware then loads two components onto the infected device.

One of those components is responsible for collecting system information, browser data, or possible cryptocurrency wallets that it finds. The second thing it does is install a cryptocurrency miner and it has the ability to steal bank credentials.

What to do to protect ourselves

It is very important to avoid being victims of these types of threats. We have seen that it comes through the download of free or pirated software . We must always avoid accessing third-party sites that are not trustworthy and that may be a problem that compromises our privacy. You can see an article where we talk about how to see if the VPN works well.

In addition, it is always advisable to have security programs . A good antivirus can detect these types of problems and prevent the entry of threats such as DanaBot. No matter what operating system we use, we must always have one installed.

On the other hand, it is equally important to have up-to-date systems and programs . Sometimes vulnerabilities emerge that can be exploited by hackers to deploy their attacks. We need to correct any faults that may arise.