A new malicious campaign is distributing an upgraded variant of DanaBot that comes with a new ransomware module. DanaBot is a modular banking Trojan developed in Delphi and designed to steal banking credentials and sensitive information by collecting form data, taking screenshots, or logging keystrokes on compromised computers. The new DanaBot variant detected by Check Point adds a “Non Ransomware”” ransomware module to its previous list of capabilities which allow it to steal browsers and FTP clients credentials. The malware will also drop a b.bat batch file in the system’s TEMP folder which will be executed for: showing hidden files;. Deleting shadow copies for all volumes;.”
Source: https://www.bleepingcomputer.com/news/security/danabot-banking-trojan-upgraded-with-non-ransomware-module/

