ESET Plays Key Role in a Major International Operation to Disrupt Danabot

ESET has played a key role in a major international operation to disrupt Danabot, a notorious malware-as-a-service (MaaS) platform used to steal sensitive data and deliver ransomware. The coordinated takedown was led by the U.S. Department of Justice, the FBI, and the Defense Criminal Investigative Service, in partnership with Europol and global law enforcement agencies from Germany, the Netherlands, and Australia.
ESET joined the effort alongside technology giants including Amazon, Google, CrowdStrike, Flashpoint, Intel471, PayPal, Proofpoint, Team Cymru, and Zscaler. ESET Research, which has tracked Danabot since 2018, provided in-depth technical analysis and helped identify the malware's command-and-control (C&C) servers and backend infrastructure.
Danabot, historically active in countries such as Poland, Italy, Spain, and Turkey, operates as a single developer group offering its toolkit to affiliates. These affiliates deploy their own botnets to exfiltrate data, deliver further malware, and even launch DDoS attacks. ESET's Tomáš Procházka noted the malware's extensive features, including keylogging, browser and software credential theft, screen recording, remote system control, and payload delivery—often ransomware.
The takedown is part of Operation Endgame, an ongoing initiative to dismantle cybercriminal infrastructure. Authorities also identified individuals involved in Danabot's development, sales, and operation, dealing a significant blow to its network.
ESET reports that Danabot's authors had commercialized their toolkit by bundling it with malware loaders and cryptors, offering discounted distribution packages. One of the malware's most prominent infection tactics was the abuse of Google Ads to promote fake software sites, luring victims into downloading malware disguised as legitimate software.
'The scale of disruption to Danabot remains to be seen, but unmasking those behind it is a substantial victory for the cybersecurity community,' said Procházka.
This operation marks a critical step in the global fight against organized cybercrime, with ESET reaffirming its commitment to collaboration and threat intelligence sharing. 0 0

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Zawya

4 days ago

• Zawya

Public first: Google contributed AED 21.8bln to the UAE economy in 2024

Google's Search and Ads alone helped provide AED 20.2 billion in economic activity for businesses in the UAE. DUBAI, UAE – Google announced today the launch of the Google's Economic Impact Report, a report conducted by Public First research agency, that looks at how Google products (Search, Play, Maps, YouTube and Google Ads) have helped people, local businesses, content creators and developers in the UAE throughout 2024. Around the world, Google releases Impact Reports which are based on consumer and business polling, economic modeling, case studies and third party data. The report highlights how Google's AI-powered tools and platforms are profoundly enhancing daily life and productivity for individuals and enterprises across the UAE, driving macroeconomic growth. In fact, Public First estimates that Google contributed an estimated AED 21.8 billion to the UAE economy in 2024. "We're incredibly proud to be a partner in the UAE's boundless ambitions," says Anthony Nakache, Managing Director for Google in the Middle East & North Africa. "The report reflects our investment in accelerating the country's ambitious journey towards a diversified, AI-powered economy. Through strategic investments, local partnerships, and our AI-powered tools, we're bringing substantial economic value and empowering individuals, businesses, and communities in the UAE.' Google is equipping people in the UAE with digital and AI capabilities needed for tomorrow's economy. The report highlights that since 2018, over 430,000 individuals in the UAE were trained in essential digital and AI skills through Google's key skilling initiative "Maharat Min Google" initiative. This effort includes empowering a diverse and vibrant ecosystem of developers. In 2024, the Android and Google Play app ecosystem supported the creation of 30,000 jobs in the UAE, according to the report. The Google Impact Report in the UAE explores the impact of Google's products in 2024 across three areas: People, Businesses and Communities. Below are the additional findings: Making everyday life easier for people in the UAE AED 683 a month on average in consumer benefits is created by Google's services for the average person in the UAE. 63% of adults in the UAE said they have used Gemini, Google's AI Assistant. 90% of users agreed that Gemini helped them to be more productive. 71% of users agreed that Gemini is easier to use in Arabic than other AI chatbots. 50% of adults in the UAE agree that Google Search is essential to their daily lives. 89% of adults in the UAE reported that Google Maps and/or Waze were very useful when they were avoiding getting lost. 90% of adults in the UAE agreed that the ability to make contactless payments on mobile devices through the likes of GPay or GWallet makes their life easier. Fueling the Growth of Businesses in the UAE 91% of businesses in the UAE report using at least one AI tool in their workflows. 73% of 18-24 year olds said they use Google Search at least weekly to shop or browse products online. 80% of adults in the UAE use Google Maps and/or Waze at least once a month to find a local business. 86% said they checked Google reviews before visiting a venue or business at least once a month. 94% of adults in the UAE use Google Search at least once a month to compare the prices of products and services. 97% of public sector workers in the UAE said that Google AI-enabled tools help them to be more productive at work. Empowering Communities in the UAE This section of the report combines Public First research and Google internal data and estimates Google's contribution to creators, developers and publishers. AED 455 million of revenue generated by the Android App Economy for UAE-based developers in 2024. 600+ YouTube channels in the UAE have over 1 million subscribers, an increase of 15% year on year. 20,000+ journalists and journalism students trained by the Google News Initiative in the MENA region, including in the UAE. About the research Google commissioned independent consultancy Public First to explore how Google's innovations and products are helping communities, workers and businesses in the UAE, as well as the future potential of AI across the nation. Public First conducted a survey of 1,110 online adults based in the UAE and a survey of 389 business leaders based in the UAE. These surveys were conducted in English and Arabic in March 2025. All results are weighted using Iterative Proportional Fitting, or 'Raking'. The online adult results are weighted by age, gender, education level, and region to nationally representative proportions. The full report can be found here: For more information about the report methodologies, please contact:

Channel Post MEA

6 days ago

• Channel Post MEA

ESET Discovers Iran-Aligned BladedFeline Spies on Iraqi and Kurdish Officials

ESET researchers discovered that the Iran-aligned threat group BladedFeline has targeted Kurdish and Iraqi government officials in a recent cyber-espionage campaign. The group deployed a range of malicious tools discovered within the compromised systems, indicating a continued effort to maintain and expand access to high-ranking officials and government organizations in Iraq and the Kurdish region. The latest campaign highlights BladedFeline's evolving capabilities, featuring two tunneling tools (Laret and Pinar), various supplementary tools, and, most notably, a custom backdoor Whisper and a malicious Internet Information Services (IIS) module PrimeCache, both identified and named by ESET. Whisper logs into a compromised webmail account on a Microsoft Exchange server and uses it to communicate with the attackers via email attachments. PrimeCache also serves as a backdoor: it is a malicious IIS module. PrimeCache also bears similarities to the RDAT backdoor used by OilRig Advanced Persistent Threat (APT) group. Based on these code similarities, as well as on further evidence presented in this blogpost, ESET assesses that BladedFeline is a very likely subgroup of OilRig, an Iran-aligned APT group going after governments and businesses in the Middle East. The initial implants in the latest campaign can be traced back to OilRig. These tools reflect the group's strategic focus on persistence and stealth within targeted networks. BladedFeline has worked consistently to maintain illicit access to Kurdish diplomatic officials, while simultaneously exploiting a regional telecommunications provider in Uzbekistan, and developing and maintaining access to officials in the government of Iraq. ESET Research assesses that BladedFeline is targeting the Kurdish and Iraqi governments for cyberespionage purposes, with an eye toward maintaining strategic access to the computers of high-ranking officials in both governmental entities. The Kurdish diplomatic relationship with Western nations, coupled with the oil reserves in the Kurdistan region, makes it an enticing target for Iran-aligned threat actors to spy on and potentially manipulate. In Iraq, these threat actors are most probably trying to counter the influence of Western governments following the US invasion and occupation of the country. In 2023, ESET Research discovered that BladedFeline targeted Kurdish diplomatic officials with the Shahmaran backdoor, and previously reported on its activities in ESET APT Activity reports. The group has been active since at least 2017, when it compromised officials within the Kurdistan Regional Government, but is not the only subgroup of OilRig that ESET Research is monitoring. ESET has been tracking Lyceum, also known as HEXANE or Storm-0133, as another OilRig subgroup. Lyceum focuses on targeting various Israeli organizations, including governmental and local governmental entities and organizations in healthcare. ESET expects that BladedFeline will persist with implant development in order to maintain and expand access within its compromised victim set for cyberespionage.

Gulf Today

15-06-2025

• Gulf Today

US female lawmaker and her husband shot dead in targeted attack

A gunman posing as a police officer killed a senior Democratic state assemblywoman and her husband on Saturday in an apparent "politically motivated assassination," and wounded a second lawmaker and his spouse, said Minnesota Governor Tim Walz and law enforcement officials. A major search backed by the FBI was underway for the suspect, who fled on foot after firing at police and abandoning a vehicle in which officers found a "manifesto" listing other legislators and officials, law enforcement officials said. A police official said there were "people of interest that we are looking for." The pre-dawn Minnesota killings come amid a surge in US political attacks in recent years, underscoring the dark side of the nation's deepening political divisions. Melissa Hortman and John Hoffman (R) in this undated handout photo. Planned anti-Trump demonstrations in Minnesota organised nationwide by the "No Kings" coalition have been cancelled following the shootings, the group said. President Donald Trump said he was briefed on the "terrible shooting that took place in Minnesota, which appears to be a targeted attack against State Lawmakers." "Such horrific violence will not be tolerated in the United States of America. God Bless the great people of Minnesota, a truly great place!" he said in a statement. Democratic state assemblywoman Melissa Hortman, a former assembly speaker, and her husband, Mark, were shot dead in their home in the Minneapolis suburb of Brooklyn Park, Walz and law enforcement officials told reporters. Her official website says they have two children. Walz said that the gunman went to the Hortmans' residence after shooting Senator John Hoffman and his wife multiple times in their home in the nearby town of Champlin. Brooklyn Park police officers check a vehicle entering a neighbourhood on Saturday. AFP They underwent surgery, Walz said, adding that he was "cautiously optimistic" that they would survive "this assassination attempt." "This was an act of targeted political violence," he said. "Peaceful discourse is the foundation of our democracy. We don't settle our differences with violence or at gunpoint." Law enforcement officials said the gunman attacked the Hoffmans at around 2 a.m. CDT (0700 GMT) and then drove about five miles to the Hortmans' residence. Brooklyn Park Police Chief Mark Bruley said that a "very intuitive" police sergeant who responded to the Hoffman attack asked colleagues to "proactively" check the Hortmans' residence. LAWMAKERS ON LIST The two officers arriving at the Hortmans' residence noticed what appeared to be a police vehicle parked in the driveway with its emergency lights on and an individual dressed and equipped as a police officer leaving the home, he said. The suspect "immediately fired upon the officers, who exchanged gunfire and the suspect retreated back into the home," Bruley continued. The suspect, who was wearing a vest with a taser, other police equipment and a badge, is believed to have fled from the rear of the home, he said. The Hortmans and Hoffmans were on the list of names found in the suspect's car, officials said. Recent political violence in the US has occurred in so-called battleground states such as Michigan and Pennsylvania. Minnesota has been reliably Democratic in recent presidential elections, but Trump and Republicans have made significant gains. The spate of political violence includes the attempted 2020 kidnapping of Michigan Governor Gretchen Whitmer, a Democrat, and a man who broke into Democratic Pennsylvania Governor Josh Shapiro's residence in April and set it on fire. In July last year, then-candidate Trump escaped an assassination attempt by a gunman while speaking at a campaign rally in Pennsylvania. Trump has faced criticism from some opponents over his handling of incidents involving political violence. In one of his first moves in office earlier this year, Trump pardoned nearly everyone criminally charged with participating in the January 6, 2021, Capitol attack, a move critics said signaled support for the rioters. Reuters