Data Recovery Digest


North Korean Hackers Targeting ATM Data with New Malware

We often hear about malware affecting personal computers, laptops, and smartphones of consumers across the world. After all, it's incredibly easy to download a virus or malware that's disguised to mimic legitimate software and, in some cases, actual programs and apps are infected or taken over without the developer's knowledge.

Despite the prevalence of malware, it's not very often that it's used to hack into an automated teller machine (ATM). However, that's exactly what North Korean hackers are attempting to do with the newest tool in their arsenals.

But the troubles don't stop there. According to reports, the hacking group behind the new strain of malware, known as Lazarus, may be working directly with the government of North Korea.

Known as ATMDtrack, or simply Dtrack, this piece of malware is only one component of a much larger trojan. Investigators believe the package is intended for online espionage.

A recent blog post, written by Konstantin Zykov with Kaspersky Lab, said, in part: "Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victim’s ATMs, where it could read and store the data of cards that were inserted into the machines. Naturally, we wanted to know more about that ATM malware, so we used YARA and Kaspersky Attribution Engine to uncover more interesting material: over 180 new malware samples of a spy tool that we now call Dtrack."

Upon examining the 180 different malware samples, Kaspersky's researchers found the following capabilities:

• Traditional keylogging
• Unauthorized access to Internet browser history
• Collection of host IP addresses
• Identification of all processes currently running on a system
• Listing every filename and location across all available drives

As you can see, these are rather sophisticated capabilities, designed to help the attackers gain access to personal or confidential data, copy and replace files, and even determine the geographic location of a specific system.

While Lazarus was once considered a small group of hackers who posed no real threat, the group has become increasingly active over the past few years. Its recent attempts to compromise ATMs are just the latest in a string of online attacks carried out by the team.

Zykov's blog post concluded by saying: "The vast amount of Dtrack samples that we were able to find shows that the Lazarus group is one of the most active APT groups in terms of malware development. They continue to develop malware at a fast pace and expand their operations. We first saw early samples of this malware family in 2013, when it hit Seoul. Now, six years later, we see them in India, attacking financial institutions and research centers. And once again, we see that this group uses similar tools to perform both financially-motivated and pure espionage attacks."
