
Dreambot

Posted: May 4, 2020

It seems that one of the largest banking malware families has been put to sleep by its authors: the infamous Dreambot, responsible for over 1,000,000 worldwide infections in 2019, has been inactive since March 2020. Cybersecurity experts report that the malware's control servers have been taken down, and they have failed to identify any newly infected victims. It is not clear why Dreambot's authors decided to cease its operation, considering its success as a Cybercrime-as-a-Service (CaaS) offering. The original creators were selling access to the Dreambot malware's control servers, payload, and infrastructure to other cybercriminals. This enabled any cybercriminal to use Dreambot as long as they agreed to pay a rental fee to the malware's original developers. Clearly, this campaign was very successful, as Dreambot managed to reach over 1,000,000 infections in 2019 alone.

Dreambot is believed to be a project that expanded the features found in the Gozi Trojan, and it has been active since 2014. The sudden halt of the large-scale operation came as a shock to malware researchers, since the Dreambot malware underwent regular updates and improvements.

Dreambot Trojan was Used for Financial Fraud

One of the latest iterations of the Dreambot malware packed a wide range of features that enabled the remote attacker to:

  • Establish a remote desktop session to the infected host.
  • Install a rootkit.
  • Record the screen.
  • Capture keystrokes.
  • Collect browser details.
  • Collect emails and email contacts.
  • Display fake phishing overlays when users visit an online financial service.

While Dreambot might be dead for now, you can rest assured that there are countless other cyber-threats to watch out for. Users must ensure the safety of their systems by using an up-to-date anti-malware software suite, as well as by being more careful with the websites they browse. Threats like the Dreambot malware may often be spread via fake downloads and updates, bogus email attachments, or pirated games and software.
