
September 24, 2019
North Korea's notorious Lazarus Group has developed a strain of malware that steals data at ATMs in India, researchers at Moscow-based Kaspersky Lab reported on Monday.
Dubbed ATMDtrack, the malware has been targeting Indian ATMs since last summer and allows its operators to read and store data associated with cards that are inserted into infected ATMs.
As researchers investigated further, they found that the ATM malware was part of a larger remote-access trojan, or RAT, called Dtrack, that had been used as recently as this month to target financial institutions and research centers. A RAT gives threat actors complete control over infected devices.
As Kaspersky discovered, the two strains not only share similarities with each other but also with the 2013 DarkSeoul campaign, a series of attacks against South Korean targets that was attributed to Lazarus.
As a state-sponsored group, Lazarus is rather unusual.
"On one hand, as many other similar groups do, it focuses on conducting cyberespionage or sabotage operations. Yet on the other hand, it has also been found to influence attacks that are clearly aimed at stealing money. The latter is quite unique for such a high profile threat actor because generally, other actors do not have financial motivations in their operations," Kaspersky Lab researcher Konstantin Zykov wrote in a blog post Monday.
He went on to explain that the large number of Dtrack samples Kaspersky found demonstrates that Lazarus is one of the most active advanced persistent threat groups, constantly developing and evolving its tooling in a bid to affect large-scale industries.
"Their successful execution of Dtrack RAT proves that even when a threat seems to disappear, it can be resurrected in a different guise to attack new targets," he said.