While massive breaches such as with the Marriott chain and Quora deservedly attract most of the attention a new banking bot menace and jewelry website vulnerabilities also loom as threats.

The DanaBot banking Trojan is back, and has expanded beyond banking to compromise email servers by enabling it to harvest email addresses and send out spam straight from the victim's mailbox. The latest variant of the malware achieves this by injecting JavaScript code into the pages of specific web-based email services. Among the targets are all email solutions based on based on Roundcube, Horde, and Open-Xchange.

According to Bleeping Computer, malware analysts at ESET found that one of the webinject scripts used by DanaBot can send out malicious messages from the owner's account, as replies to emails in the inbox. This tactic accomplishes two goals: establishing trust between the sender and the recipient thus increasing the chance of the message bypassing spam protections, and the likelihood of the recipient open the malicious attachment.

Continue Reading for Free

Register and gain access to:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts.
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders.
  • Educational webcasts, white papers, and ebooks from industry thought leaders.
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).