The Dreambot malware is one of the most popular threats of 2019. This project has been active ever since 2014, and over the course of last year, the Dreambot threat managed to infect over 1,000,000 targeted systems. Interestingly enough, the authors of the Dreambot malware have decided to halt their activity in March 2020. Malware researchers found that the C&C (Command & Control) servers affiliated with the activity of the Dreambot threat have been shut down. The creators of the Dreambot malware were offering the threat as a CaaS (Cybercrime-as-a-Service), which helped the authors generate a significant amount of revenue. Any cyber crook that is willing to pay the demanded fee would have been able to use the Dreambot malware for their nefarious deeds. It is not yet known why the Dreambot threat’s creators opted to shut down this profitable and successful operation.
According to malware experts, the Dreambot threat is a project based on the Gozi Trojan. The Dreambot threat almost appeared out of the blue and had significant upgrades and updated capabilities that made it a severe threat. The expanded list of capabilities, combined with the fact that the Dreambot threat was offered as a CaaS, made this malware a top-tier project that proved to be very successful. The Dreambot threat was able to:
- Install a rootkit on the compromised host.
- Collect the keystrokes of the victim.
- Record the screen of the user.
- Collect the contacts list and emails of the victim.
- Collect data from the user’s Web browser.
- Spawn a bogus phishing overlay when it detects that the user is attempting to access a banking portal.
- Allow the attackers to control the infected computer remotely.
Despite the fact that the Dreambot malware has ceased operating, there are numerous other threats that are lurking on the Web, which are just as threatening and effective as this CaaS project. Make sure your computer is protected by a genuine anti-malware suite, and do not forget to update all your applications regularly.