Law enforcement and cybersecurity firms dismantle one of the world’s most persistent malware-as-a-service operations
Cybersecurity firm ESET has played a key role in the global disruption of Danabot, a sophisticated malware-as-a-service platform that has been active since 2018. The takedown—spearheaded by the US Department of Justice, Europol, and several international law enforcement bodies—targeted Danabot’s command-and-control infrastructure and identified individuals behind its development and operations.
Originally built to steal credentials and sensitive data, Danabot evolved into a powerful delivery mechanism for ransomware, keyloggers, screen recorders, and even tools for real-time remote control of victim systems. ESET, which has monitored Danabot for years, contributed technical intelligence, malware analysis, and infrastructure mapping to the joint effort.
“Since Danabot has been largely disrupted, we’re shedding light on its latest toolset and operations to help the industry prepare for what comes next.”
— Tomáš Procházka, Researcher, ESET
According to ESET’s research, Danabot’s creators operate as a centralized group offering rental access to affiliates who deploy the malware via custom campaigns. The toolset includes browser credential theft, FTP and email client data exfiltration, support for Zeus-style webinjects, and payload execution, which is routinely used to deploy ransomware or launch DDoS attacks, such as one targeting Ukraine’s Ministry of Defense.
“Danabot affiliates used deceptive Google Ads, fake software sites, and social engineering tactics to spread infections,” said Procházka.
Distribution partnerships, cryptor bundles, and underground marketing made Danabot a favorite among cybercriminals. Despite this disruption, ESET warns that Danabot could recover if its ecosystem isn’t completely dismantled.
ESET has published a full technical breakdown titled “Danabot: Analyzing a Fallen Empire” on its WeLiveSecurity blog, offering defenders a detailed view of Danabot’s inner workings and affiliate infrastructure.