ESET joins global takedown of Danabot

ESET has played a key role in a major international operation to disrupt Danabot, a notorious malware-as-a-service (MaaS) platform used to steal sensitive data and deliver ransomware. The coordinated takedown was led by the U.S. Department of Justice, the FBI, and the Defense Criminal Investigative Service, in partnership with Europol and global law enforcement agencies from Germany, the Netherlands, and Australia.

ESET joined the effort alongside technology giants including Amazon, Google, CrowdStrike, Flashpoint, Intel471, PayPal, Proofpoint, Team Cymru, and Zscaler. ESET Research, which has tracked Danabot since 2018, provided in-depth technical analysis and helped identify the malware’s command-and-control (C&C) servers and backend infrastructure.

Danabot, historically active in countries such as Poland, Italy, Spain, and Turkey, is run by a single developer group that offers its toolkit to affiliates. These affiliates deploy their own botnets to exfiltrate data, deliver further malware, and even launch DDoS attacks. ESET’s Tomáš Procházka noted the malware’s extensive features, including keylogging, browser and software credential theft, screen recording, remote system control, and payload delivery, often of ransomware.

The takedown is part of Operation Endgame, an ongoing initiative to dismantle cybercriminal infrastructure. Authorities also identified individuals involved in Danabot’s development, sales, and operation, dealing a significant blow to its network.

ESET reports that Danabot’s authors had commercialized their toolkit by bundling it with malware loaders and cryptors, offering discounted distribution packages. One of the malware’s most prominent infection tactics was the abuse of Google Ads to promote fake software sites, luring victims into downloading malware disguised as legitimate software.

“The scale of disruption to Danabot remains to be seen, but unmasking those behind it is a substantial victory for the cybersecurity community,” said Procházka.

This operation marks a critical step in the global fight against organized cybercrime, with ESET reaffirming its commitment to collaboration and threat intelligence sharing.
