Fraud, especially online and bank-related fraud, has spread throughout the country like wildfire. The count of ATM frauds registered in the Assessment Year 2018-19 was recorded to be 980, which is the highest number till today. In spite of the government taking precautionary actions in such cases, this number has increased significantly over the past 2 years.
As scary as it sounds, such problems do get the better of you. Just recently, a new ATM malware named ATMDtrack was discovered on the networks of Indian banks.
To be honest, such malware is growing more sophisticated and more potent. This particular malware, however, traces back to North Korean troops, as per researchers at Kaspersky.
North Korean Troops Planting Malware
In 2013, North Korean hackers conducted a series of attacks against South Korea, which was named ‘Operation DarkSeoul’. It was discovered to have been conducted by the Lazarus Group, a well-known cyber-espionage outfit operating at the behest of the North Korean government.
ATMDtrack has been spotted on the networks of Indian banks since late summer 2018. India has also been targeted with newer attacks using a more potent and expanded version of the same malware, named Dtrack, which focuses on spying and data theft rather than financial crime and comes with features normally found in a remote access trojan (RAT).
This being said, the Lazarus Group was sanctioned by the US Treasury just 10 days back for orchestrating cyber-attacks on banks, ATM networks, gambling sites, online casinos, and cryptocurrency exchanges to steal money from legitimate businesses and raise funds for the country’s weapons and missile programs.
ATMDtrack and Dtrack Malware
ATMDtrack has been spotted on the networks of Indian banks since late summer 2018, while Dtrack, the more recent, more potent and expanded version of the same malware, appears to be one of the Lazarus Group’s most recent creations.
As per Kaspersky, the Dtrack samples found in the ATM systems of India can perform the following operations:
- Retrieve browser history
- Gather host IP addresses, information about available networks and active connections
- List running processes
- List files on all available disk volumes