It seems that one of the largest banking malware families has been put to sleep by its authors – the infamous Dreambot, responsible for over 1,000,000 worldwide infections in 2019, has been inactive since March 2020. Cybersecurity experts report that the malware's control servers have been taken down, and they have failed to identify any newly infected victims. It is not clear why the Dreambot's authors have decided to cease its operation considering its success as a Cybercrime-as-a-Service (CaaS) offer. The original creators were selling access to the Dreambot malware's control servers, payload, and infrastructure to other cybercriminals. This enabled any cybercriminals to use Dreambot as long as they agree to pay a rental fee to the malware's original developers. Clearly, this campaign was very successful as Dreambot managed to reach over 1,000,000 infections in 2019 alone.
Dreambot is believed to be a project that expanded the features found in the Gozi Trojan, and it has been active since 2014. The sudden cease of the large-scale operation was a shock for malware researchers, certainly, since the Dreambot malware underwent regular updates and improvements.
Dreambot Trojan was Used for Financial Fraud
One of the latest iterations of the Dreambot malware packed a wide range of features that enabled the remote attacker to:
- Establish a remote desktop session to the infected host.
- Install a rootkit.
- Record the screen.
- Capture keystrokes.
- Collect browser details.
- Collect emails and email contacts.
- Display fake phishing overlays when users visit an online financial service.
While the Dreambot might be dead for now, you can rest assured that there are countless other cyber-threats to watch out for. Users must ensure the safety of their systems by using an up-to-date anti-malware software suite, as well as being more careful with the websites they browse. Threats like the Dreambot malware may often be spread via fake downloads and updates, bogus email attachments or pirated games and software.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Dreambot may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.