ESET joins global takedown of Danabot

ESET joins global takedown of Danabot

ESET has played a key role in a major international operation to disrupt Danabot, a notorious malware-as-a-service (MaaS) platform used to steal sensitive data and deliver ransomware. The coordinated takedown was led by the U.S. Department of Justice, the FBI, and the Defense Criminal Investigative Service, in partnership with Europol and global law enforcement agencies from Germany, the Netherlands, and Australia.

ESET joined the effort alongside technology giants including Amazon, Google, CrowdStrike, Flashpoint, Intel471, PayPal, Proofpoint, Team Cymru, and Zscaler. ESET Research, which has tracked Danabot since 2018, provided in-depth technical analysis and helped identify the malware’s command-and-control (C&C) servers and backend infrastructure.

Danabot, historically active in countries such as Poland, Italy, Spain, and Turkey, operates as a single developer group offering its toolkit to affiliates. These affiliates deploy their own botnets to exfiltrate data, deliver further malware, and even launch DDoS attacks. ESET’s Tomáš Procházka noted the malware’s extensive features, including keylogging, browser and software credential theft, screen recording, remote system control, and payload delivery—often ransomware.

The takedown is part of Operation Endgame, an ongoing initiative to dismantle cybercriminal infrastructure. Authorities also identified individuals involved in Danabot’s development, sales, and operation, dealing a significant blow to its network.

ESET reports that Danabot’s authors had commercialized their toolkit by bundling it with malware loaders and cryptors, offering discounted distribution packages. One of the malware’s most prominent infection tactics was the abuse of Google Ads to promote fake software sites, luring victims into downloading malware disguised as legitimate software.

“The scale of disruption to Danabot remains to be seen, but unmasking those behind it is a substantial victory for the cybersecurity community,” said Procházka.

This operation marks a critical step in the global fight against organized cybercrime, with ESET reaffirming its commitment to collaboration and threat intelligence sharing.

62% of developers now shape purchasing decisions

62% of developers now shape purchasing decisions

Tareq Masoud, Country Manager, UAE, Snowflake, explains how developers are…
Designing data sovereignty without slowing innovation

Designing data sovereignty without slowing innovation

Sivaprakash V S, Technical Evangelist at ManageEngine, explains that Middle East…
Structured Cloud Vulnerability Management key for businesses

Structured Cloud Vulnerability Management key for businesses

Hussam Sidani, Vice President for the Middle East & North…
Batch 11 announced for Sanabil Accelerator by 500 Global

Batch 11 announced for Sanabil Accelerator by 500 Global

500 Global and Sanabil Investments announce the eleventh batch of the Sanabil Accelerator…
NanoClaw Creator Rejects $20M Buyout, Raises $12M Seed

NanoClaw Creator Rejects $20M Buyout, Raises $12M Seed

NanoCo, the startup behind the fast‑rising secure AI agent framework NanoClaw,…
Stream secures $5.2M seed extension led by BECO Capital

Stream secures $5.2M seed extension led by BECO Capital

Stream, the Riyadh-born payments and billing platform, has announced a $5.2 million…