Malware, Threat Intelligence

Vulnerability exposes Danabot malware operators


A vulnerability in the command-and-control (C2) infrastructure of the Danabot malware-as-a-service platform exposed the operation's internal information for roughly three years, potentially aiding its disruption as part of the ongoing international law enforcement effort Operation Endgame, according to Cyber Security News.

The flaw, dubbed DanaBleed, stemmed from a programming error in the malware's Delphi-based C2 protocol implementation introduced in June 2022 and caused the C2 server to inadvertently leak fragments of its process memory, a Zscaler report revealed. Until earlier this year, the faulty code appended pieces of server memory to C2 responses, including SQL database queries, HTML interface snippets, cryptographic material and debug details. Beyond revealing the threat actors' usernames and IP addresses, infection statistics, malware version updates and backend C2 server infrastructure details, DanaBleed also exposed the attackers' private cryptographic keys and data exfiltrated from victims, including their credentials, Zscaler researchers added.
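The bug class behind this kind of leak, as an added illustration that is not DanaBot's code (the article does not reproduce it): a response framer that never writes its padding bytes, so they carry whatever the process heap previously held, beside the one-line fix. The padding scheme, the toy bump allocator, the "earlier request" and the secret value are assumptions constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 512
#define PAD_LEN 48

/* Toy "process heap": a bump allocator that never zeroes memory, so freed
 * data survives until something overwrites it (assumption for the demo). */
static unsigned char arena[ARENA_SIZE];
static size_t arena_top;
static unsigned char *arena_alloc(size_t n) { unsigned char *p = arena + arena_top; arena_top += n; return p; }
static void arena_reset(void) { arena_top = 0; }   /* "free" everything */

/* An earlier handler builds an SQL query in heap memory and frees it;
 * the bytes remain in the arena. */
static void handle_earlier_request(const char *secret) {
    char *q = (char *)arena_alloc(128);
    snprintf(q, 128, "SELECT * FROM bots WHERE key='%s'", secret);
    arena_reset();
}

/* Frame a C2 response: 2-byte payload length, payload, PAD_LEN padding bytes.
 * With zero_padding == 0 the padding is left as whatever the heap held. */
static size_t build_response(const char *payload, int zero_padding, unsigned char **out) {
    size_t plen = strlen(payload), total = 2 + plen + PAD_LEN;
    unsigned char *buf = arena_alloc(total);
    buf[0] = (unsigned char)(plen >> 8);
    buf[1] = (unsigned char)(plen & 0xff);
    memcpy(buf + 2, payload, plen);
    if (zero_padding) memset(buf + 2 + plen, 0, PAD_LEN);   /* the fix */
    *out = buf;
    return total;
}

/* Does the framed response carry a fragment that was never part of the payload? */
static int leaks(const unsigned char *resp, size_t n, const char *frag) {
    size_t flen = strlen(frag);
    for (size_t i = 0; i + flen <= n; i++)
        if (memcmp(resp + i, frag, flen) == 0) return 1;
    return 0;
}

/* Run the scenario; returns 1 if the response to "OK" leaks the fragment. */
int demo_leak(int zero_padding, const char *frag) {
    arena_reset();
    handle_earlier_request("c0nstructed-secret");   /* constructed value */
    unsigned char *resp;
    size_t n = build_response("OK", zero_padding, &resp);
    return leaks(resp, n, frag);
}

int main(void) {
    printf("buggy framer leaks query: %d\n", demo_leak(0, "FROM bots"));   /* 1 */
    printf("fixed framer leaks query: %d\n", demo_leak(1, "FROM bots"));   /* 0 */
    return 0;
}
```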
