Proofpoint is proud to have assisted law enforcement in the #OperationEndgame investigation that led to the November 13, 2025 disruption of #Rhadamanthys and #VenomRAT, both #malware used by multiple cybercriminals.

• Rhadamanthys: https://brnw.ch/21wXs1N
• VenomRAT: https://brnw.ch/21wXs1O

---

Since May 2024, Operation Endgame—a global law enforcement and private sector effort that includes Proofpoint—has significantly disrupted the #malware and #botnet ecosystem.

👉 #Europol called the May 2024 Operation Endgame actions “the largest ever operation against botnets.”

👉 In May 2025, additional malware families and their creators, including #DanaBot, were taken down.

---

Each disruption forces threat actors to adapt and invest time and resources to retool their attack chains.

With our unique visibility and leading detection capabilities, Proofpoint researchers will continue monitoring the threat landscape and provide insight into the biggest cyber threats to society.

"Operation Endgame" had a lasting effect for at least 6 months: DanaBot is back with a new variant for Windows systems.
https://maniabel.work/archiv/191
#MaaS #Malware #BankingTrojaner #Trojaner #DanaBot #infosec #infosecnews #BeDiS
DanaBot is back with a new Windows variant – maniabel.work

Discover what you can do yourself for the security and protection of your data.

New Danabot Windows version appears in the threat landscape after May disruption

DanaBot returns after 6 months with a new Windows variant (v669), marking its comeback after being disrupted by Operation Endgame in May.

Security Affairs
DanaBot malware is back to infecting Windows after 6-month break

The DanaBot malware has returned with a new version observed in attacks, six months after law enforcement's Operation Endgame disrupted its activity in May.

BleepingComputer

DanaBot resurfaces with version 669 - just months after Operation Endgame’s takedown.
New hybrid C2 (IP + Tor) setup spotted by @zscaler, focused again on cryptocurrency theft targeting BTC, ETH, LTC, and TRX.

Read the full breakdown: https://www.technadu.com/danabot-banking-trojan-resurfaces-with-version-669-after-operation-endgame-takedown-focused-on-cryptocurrency-theft/613038/

#CyberSecurity #DanaBot #Malware #ThreatIntel #Crypto #InfoSec

#ESETresearch joins Europol’s Cyber Intelligence Extension Programme (CIEP) 🤝 We are proud to announce ESET’s participation in the pilot phase of CIEP, a new initiative launched by Europol's European Cybercrime Centre (EC3).
The program aims to strengthen public-private cooperation in the fight against cybercrime by enabling real-time collaboration and intelligence sharing. ESET Chief Research Officer Roman Kovac & Senior Malware Researcher Jakub Soucek spent several days at Europol’s HQ.
ESET has already cooperated in EC3's Advisory Group, where we are represented by ESET Senior Research Fellow Righard Zwienenberg. ESET has also contributed to successful law enforcement operations: #Gamarue, #RedLine, #Grandoreiro, #LummaStealer #Danabot.
The new CIEP initiative elevates this collaboration further, creating opportunities for direct, real-time engagement with Europol’s operational teams. Partnerships like this one are crucial in mitigating risks within today's rapidly evolving cyber threat landscape.
Cyber threats evolve rapidly, but through these partnerships, so does our collective defense. Together we can make Europe a safer place. 🤝
In May 2025, #ESET participated in operations that largely disrupted the infrastructure of two notorious infostealers: #LummaStealer and #Danabot.
As part of the Lumma Stealer disruption effort, carried out in conjunction with Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry, ESET supplied technical analysis and statistical information.
Danabot was targeted by the #FBI and #DCIS, alongside #OperationEndgame led by #Europol and #Eurojust. ESET participated together with several other companies. We provided the analysis of the malware’s backend infrastructure and identified its C&C servers.
Before these takedowns, both infostealers were on the rise: in H1 2025, Lumma Stealer detections grew by 21%, while Danabot’s numbers increased by more than 50%.
For a time, Lumma Stealer was the primary payload of HTML/FakeCaptcha trojan, used in the #ClickFix social engineering attacks that we also cover in this issue of the #ESETThreatReport. In recent months, we have seen Danabot being delivered via ClickFix as well.
For more details on these two operations and on the ClickFix attacks, read the latest #ESETThreatReport: https://welivesecurity.com/en/eset-research/eset-threat-report-h1-2025

Usually I report to you (politely, of course) about leaks, thefts, espionage and other security disasters. But today? We have two gigantic wins in the war against cybercriminals - and with a Polish touch! 🦫

In the new episode I talk about the spectacular takedown of LummaStealer and the blow dealt to Danabot - two malicious beasts that for years poisoned the lives of companies and ordinary users around the world. How did they work? How were they cracked? What were the consequences?

And most importantly - what does "fraud-as-a-service" actually look like behind the scenes, including prices, documentation and 24/7 customer support?

Episode prepared in cooperation with ESET and DAGMA Bezpieczeństwo IT🦾

Check it out 👇
https://youtu.be/fcTdhBq4U88

#cybersecurity #LummaStealer #Danabot #ESET #DagmaBezpieczeństwoIT

A little market with viruses

YouTube

DanaBleed: DanaBot C2 Server Memory Leak Bug from https://www.zscaler.com/blogs/security-research/danableed-danabot-c2-server-memory-leak-bug

The security researchers used a bug in an updated version of DanaBot, where a new buffer was allocated but not initialized and thus contained some process information of the C2 like username, IP address, victim etc.

Well done! That was clever.

cc: @VirusBulletin

#danabot #malware #c2

DanaBleed: DanaBot C2 Server Memory Leak Bug | ThreatLabz

A flaw in DanaBot's C2 server code caused a memory leak that we named "DanaBleed", exposing sensitive data and offering researchers a look into DanaBot’s operations.

A tiny memory flaw turned the tables on cybercrime. How did a missed byte expose a hidden criminal network and spark a massive law enforcement takedown? Read on for how DanaBleed changed the game.

https://thedefendopsdiaries.com/the-danableed-vulnerability-a-turning-point-in-cybersecurity/

#danableed
#cybersecurity
#memoryleak
#danabot
#infosec