What is Dtrack, the spytool that is to blame for attacks on Indian financial institutions?
Dtrack samples were found to infect computers in 18 states in India.
By Rohan Abraham, ET Bureau |
Agencies
Cybersecurity firm Kaspersky announced the discovery of Dtrack, a hitherto undetected spytool which has proliferated Indian financial institutions and research centres. The new spyware is a different strain of the ARMDtrack malware that was discovered in 2018. It was created to infiltrate ATMs in the country and siphon card data of customers.
The investigation resulted in the identification of 180 new malware samples whose code held similarities with ATMDtrack. However, the new variants were not created to target ATMs. They are intended to be spy tools, tracking transaction data at financial institutions. ATMDtrack and Dtrack share similarities with the 2013 DarkSeoul campaign, whose origins were traced to Lazarus – an advanced persistence threat actor that was used for multiple cyber sabotage and espionage operations.
“The large amount of Dtrack samples we found demonstrate that Lazarus is one of the most active APT groups, constantly developing and evolving threats in a bid to affect large-scale industries and seeking to evade detection. Their successful execution of Dtrack RAT proves that even when a threat seems to disappear, it can be resurrected in a different guise to attack new targets,” said Konstantin Zykov, Security Researcher at Kaspersky’s Global Research and Analysis Team, Kaspersky, at an event in New Delhi.
Dtrack samples were found to infect computers in 18 states in India. A fourth of all affected systems were in Maharashtra (24 per cent), followed by Karnataka (18.5 per cent) and Telangana (12 per cent). The other major states where financial institutes were targeted by Dtrack include Tamil Nadu, Delhi, Kerala, and West Bengal.
The spyware in question is employed as a remote admin tool (RAT), enabling threat actors to exert complete control over infected devices. They can then perform a host of operations such as uploading and downloading files, and executing key processes that are integral to businesses.
“Although we have seen the number of local threats in India have decreased in the last quarter comparatively to last year, India is still consistently ranked as Top 10 countries in Kaspersky’s Cybermap Real Time Threat. This shows that India still needs to continue increasing its cyber security efforts, and the advanced persistent threat attack highlights the importance of investing in threat landscape,” said Saurabh Sharma, Senior Security Researcher (GReAT), Kaspersky (APAC).
The investigation resulted in the identification of 180 new malware samples whose code held similarities with ATMDtrack. However, the new variants were not created to target ATMs. They are intended to be spy tools, tracking transaction data at financial institutions. ATMDtrack and Dtrack share similarities with the 2013 DarkSeoul campaign, whose origins were traced to Lazarus – an advanced persistence threat actor that was used for multiple cyber sabotage and espionage operations.
“The large amount of Dtrack samples we found demonstrate that Lazarus is one of the most active APT groups, constantly developing and evolving threats in a bid to affect large-scale industries and seeking to evade detection. Their successful execution of Dtrack RAT proves that even when a threat seems to disappear, it can be resurrected in a different guise to attack new targets,” said Konstantin Zykov, Security Researcher at Kaspersky’s Global Research and Analysis Team, Kaspersky, at an event in New Delhi.
Dtrack samples were found to infect computers in 18 states in India. A fourth of all affected systems were in Maharashtra (24 per cent), followed by Karnataka (18.5 per cent) and Telangana (12 per cent). The other major states where financial institutes were targeted by Dtrack include Tamil Nadu, Delhi, Kerala, and West Bengal.
The spyware in question is employed as a remote admin tool (RAT), enabling threat actors to exert complete control over infected devices. They can then perform a host of operations such as uploading and downloading files, and executing key processes that are integral to businesses.
“Although we have seen the number of local threats in India have decreased in the last quarter comparatively to last year, India is still consistently ranked as Top 10 countries in Kaspersky’s Cybermap Real Time Threat. This shows that India still needs to continue increasing its cyber security efforts, and the advanced persistent threat attack highlights the importance of investing in threat landscape,” said Saurabh Sharma, Senior Security Researcher (GReAT), Kaspersky (APAC).
ADVERTISEMENT
Check out the next frontier of machine learning algorithms that will make decisions for us, solve our problems and change the way we live and work.
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
ADVERTISEMENT
