North Korean Malware Attacks ATMs and Banks

The infamous Lazarus Group is behind new malware discovered targeting ATMs and back-office systems in Indian banks and research centers, according to Kaspersky.





The Russian AV vendor claimed in a new report that it discovered the ATMDtrack malware back in late summer 2018. It is designed to sit on targeted ATMs and effectively skim the details of cards as they are inserted into the machine.





However, digging a little deeper, the researchers found another 180+ new malware samples that were similar to ATMDtrack but not designed to target ATMs.





Collectively, these Dtrack malware tools seem to be focused on information theft and eavesdropping, via functionality such as: keylogging; retrieving browser history; gathering host IP addresses and network info; and listing all running processes and files.





The dropper also contained a remote access trojan (RAT) to give attackers complete control over a victim’s machine.





Kaspersky claimed the Dtrack malware shares similarities with the DarkSeoul campaign of 2013, also linked to North Korea’s Lazarus Group, which disrupted computers at a South Korean bank and three TV stations, as well as countless ATMs.





“We first saw early samples of this malware family in 2013, when it hit Seoul. Now, six years later, we see them in India, attacking financial institutions and research centers,” noted the report. “And once again, we see that this group uses similar tools to perform both financially motivated and pure espionage attacks.”





However, Dtrack attackers would need to take advantage of weak network security policies, weak passwor ..
