DanaBot Malware Resurfaces with New Version 669
Summary
DanaBot malware has returned with a new variant, version 669, after a six-month hiatus following Operation Endgame. The new version uses Tor domains and backconnect nodes for its command-and-control infrastructure. Researchers have identified cryptocurrency addresses used by threat actors to receive stolen funds. DanaBot, initially a banking trojan, has evolved into a modular information stealer and loader, targeting credentials and cryptocurrency wallet data. Despite law enforcement disruptions, DanaBot remains active, demonstrating the resilience of cybercriminal operations.
Timeline
- 12.11.2025 18:34 · 1 article
  DanaBot Malware Resurfaces with New Version 669
  DanaBot malware has returned with a new variant, version 669, after a six-month hiatus. The new version uses Tor domains and backconnect nodes for its command-and-control infrastructure. Researchers have identified cryptocurrency addresses used by threat actors to receive stolen funds. Despite law enforcement disruptions, DanaBot remains active, demonstrating the resilience of cybercriminal operations.
  Sources:
  - DanaBot malware is back to infecting Windows after 6-month break — www.bleepingcomputer.com — 12.11.2025 18:34
Information Snippets
- DanaBot version 669 uses Tor domains and backconnect nodes for command-and-control infrastructure.
  First reported: 12.11.2025 18:34 (1 source, 1 article)
  Sources:
  - DanaBot malware is back to infecting Windows after 6-month break — www.bleepingcomputer.com — 12.11.2025 18:34
- Threat actors are using specific cryptocurrency addresses to receive stolen funds in BTC, ETH, LTC, and TRX.
  First reported: 12.11.2025 18:34 (1 source, 1 article)
  Sources:
  - DanaBot malware is back to infecting Windows after 6-month break — www.bleepingcomputer.com — 12.11.2025 18:34
- DanaBot was initially a Delphi-based banking trojan and has evolved into a modular information stealer and loader.
  First reported: 12.11.2025 18:34 (1 source, 1 article)
  Sources:
  - DanaBot malware is back to infecting Windows after 6-month break — www.bleepingcomputer.com — 12.11.2025 18:34
- Operation Endgame in May 2025 disrupted DanaBot's infrastructure but did not permanently halt its operations.
  First reported: 12.11.2025 18:34 (1 source, 1 article)
  Sources:
  - DanaBot malware is back to infecting Windows after 6-month break — www.bleepingcomputer.com — 12.11.2025 18:34
- Initial access methods for DanaBot infections include malicious emails, SEO poisoning, and malvertising campaigns.
  First reported: 12.11.2025 18:34 (1 source, 1 article)
  Sources:
  - DanaBot malware is back to infecting Windows after 6-month break — www.bleepingcomputer.com — 12.11.2025 18:34