
DanaBleed DanaBot C2 Server Memory Leak Bug

Key Takeaways
DanaBot is a Malware-as-a-Service platform that emerged in 2018 with numerous capabilities to facilitate banking fraud and information theft and to provide remote access.
The platform has been used for a variety of purposes, from banking fraud to espionage.
From June 2022 to early 2025, a programming error in the DanaBot command and control (C2) server caused a memory leak.
Leaked information included: threat actor usernames, threat actor IP addresses, backend C2 server IP addresses and domains, infection and exfiltration statistics, malware version updates, private cryptographic keys, victim IP addresses, victim credentials, and other exfiltrated victim data.
In May 2025, Operation Endgame dismantled DanaBot infrastructure and indicted 16 members affiliated with the group.

To read the complete article, see:
https://www.zscaler.com/blogs/security-research/danableed-danabot-c2-server-memory-leak-bug

This post is licensed under CC BY 4.0 by the author.