Cyber security firm Kaspersky has identified new malware, active in some Indian financial institutions, that can steal confidential information such as transaction details from a system and remotely control infected devices.
Kaspersky said the malware was created by the Lazarus group, which is controlled by North Korea’s primary intelligence bureau. Lazarus was associated with the WannaCry ransomware infections that affected several systems in India in 2017. It was also blamed for the 2014 cyber attack on Sony Pictures Entertainment.
The researchers discovered ATMDtrack, banking malware targeting Indian banks that is designed to be planted on ATMs to read and store the data of cards inserted into the machines. They then found more than 180 new malware samples whose code sequences were similar to those of ATMDtrack.
Kaspersky researchers had already discovered ATMDtrack in 2018; it was created to infiltrate Indian ATMs and steal customer card data.
Spotted in Indian financial institutions and research centres, the new spyware, Dtrack, is being used to upload and download files to the victims’ systems, record keystrokes and conduct other actions typical of a malicious remote administration tool (RAT), Kaspersky researchers found.
Dtrack can be used as a remote administration tool, giving threat actors complete control over infected devices. Criminals can then perform different operations, such as uploading and downloading files and executing key processes.
Entities targeted by threat actors using the Dtrack remote administration tool often have weak network security policies and password standards, while also failing to track traffic across the organisation, Kaspersky said.
Once successfully installed, the spyware can list all available files and running processes, log keystrokes, and collect browser history and host IP addresses, including information about available networks and active connections.
This newly discovered malware is active and is still used in cyberattacks, Kaspersky warned.
“Their successful execution of Dtrack RAT proves that even when a threat seems to disappear, it can be resurrected in a different guise to attack new targets.”
In one of the largest data breaches in India’s banking system, an estimated 3.2 million debit cards issued by various public and private banks were affected by a data breach in 2016.
The debit cards were compromised between May 21 and July 11, 2016. The breach was caused by a malware injection into Hitachi Payment Services’ systems. The breach occurred on Yes Bank’s ATM network, which was managed by Hitachi, an investigation found.