While massive breaches such as with the Marriott chain and Quora deservedly attract most of the attention a new banking bot menace and jewelry website vulnerabilities also loom as threats.

The DanaBot banking Trojan is back, and has expanded beyond banking to compromise email servers by enabling it to harvest email addresses and send out spam straight from the victim’s mailbox. The latest variant of the malware achieves this by injecting JavaScript code into the pages of specific web-based email services. Among the targets are all email solutions based on based on Roundcube, Horde, and Open-Xchange.

According to Bleeping Computer, malware analysts at ESET found that one of the webinject scripts used by DanaBot can send out malicious messages from the owner’s account, as replies to emails in the inbox. This tactic accomplishes two goals: establishing trust between the sender and the recipient thus increasing the chance of the message bypassing spam protections, and the likelihood of the recipient open the malicious attachment.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including Law.com and GlobeSt.com.

Already have an account?

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).

More from this author


Credit Union Times

Join Credit Union Times

Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!

  • Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
  • Exclusive discounts on ALM and Credit Union Times events.
  • Access to other award-winning ALM websites including TreasuryandRisk.com and Law.com.

Already have an account? Sign In Now
Join Credit Union Times

Copyright © 2023 ALM Global, LLC. All Rights Reserved.