VideoDanabot under the microscope============================ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure [](/en/our-experts/editor/ ‘Editor’) [**Editor**](/en/our-experts/editor/ ‘Editor’)23 May 2025 As [US authorities](https://www.justice.gov/usao-cdca/pr/16-defendants-federally-charged-connection-danabot-malware-scheme-infected-computers), along with [Europol and Eurojust](https://www.europol.europa.eu/media-press/newsroom/news/operation-endgame-strikes-again-ransomware-kill-chain-broken-its-source), have announced a global disruption operation of Danabot, ESET researchers have released their [deep-dive analysis](https://www.welivesecurity.com/en/eset-research/danabot-analyzing-fallen-empire/) of this sprawling malware-as-a-service (MaaS) operation that according to US authorities compromised more than 300,000 computers around the world and caused at least US$50 million in damage. ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that now resulted in a major disruption of the malware’s infrastructure.Watch the video with ESET Chief Security Evangelist [Tony Anscombe](https://www.welivesecurity.com/en/our-experts/tony-anscombe/) to learn more about the inner workings of the prolific malware and make sure to read the [full blogpost](https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-lumma-stealer/).Connect with us on [Facebook](https://www.facebook.com/eset), [X](https://x.com/ESET), [LinkedIn](https://www.linkedin.com/company/eset/) and [Instagram](https://www.instagram.com/eset/). *** ** * ** ***Let us keep youup to date—————————–Sign up for our newsletters Ukraine Crisis newsletter Regular weekly newsletter Subscribe #### Related Articles*** ** * ** ***[VideoLumma Stealer: Down for the countVideoLumma Stealer: Down for the count](/en/videos/lumma-stealer-disruption/ ‘Lumma Stealer: Down for the count’) *** ** * ** ***[VideoThe who, where, and how of APT attacks in Q4 2024–Q1 2025VideoThe who, where, and how of APT attacks in Q4 2024–Q1 2025](/en/videos/who-where-how-apt-attacks-q4-2024-q1-2025/ ‘The who, where, and how of APT attacks in Q4 2024-Q1 2025’) *** ** * ** ***[VideoSednit abuses XSS flaws to hit gov’t entities, defense companiesVideoSednit abuses XSS flaws to hit gov’t entities, defense companies](/en/videos/sednit-xss-govt-entities-defense-companies/ ‘Sednit abuses XSS flaws to hit gov’t entities, defense companies’)  ### Similar Articles[ESET researchDanabot: Analyzing a fallen empire](/en/eset-research/danabot-analyzing-fallen-empire/ ‘Danabot: Analyzing a fallen empire’)*** ** * ** ***[ESET researchESET takes part in global operation to disrupt Lumma Stealer](/en/eset-research/eset-takes-part-global-operation-disrupt-lumma-stealer/ ‘ESET takes part in global operation to disrupt Lumma Stealer’)*** ** * ** ***### Share Article[](https://www.facebook.com/sharer/sharer.php?u=https://www.welivesecurity.com/en/videos/danabot-microscope/ ‘Facebook’) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.welivesecurity.com/en/videos/danabot-microscope/ ‘LinkedIn’) [](https://twitter.com/intent/tweet?url=https://www.welivesecurity.com/en/videos/danabot-microscope/ ‘Twitter’) [](mailto:?&subject=I wanted you to see this site&body=https://www.welivesecurity.com/en/videos/danabot-microscope/ ‘mail’) [](https://www.welivesecurity.com/en/videos/danabot-microscope/ ‘copy’) ### Discussion
Related Tags:
LummaStealer
GruesomeLarch
FROZENLAKE
Forest Blizzard
NAICS: 524 – Insurance Carriers And Related Activities
NAICS: 52 – Finance And Insurance
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 523 – Securities
Commodity Contracts
Other Financial Investments And Related Activities
NAICS: 522 – Credit Intermediation And Related Activities
Associated Indicators: