Global cyber-security firm Kaspersky has exposed new, actively used malware on the systems of Indian financial institutions. It can steal confidential information, including transaction details, and it gives its operators remote control of the infected devices. Because the sample shares traits with the WannaCry ransomware that hit numerous systems in 2017, it is suspected to be the work of the well-known Lazarus group, which is widely attributed to North Korea's Reconnaissance General Bureau and is also blamed for the 2014 cyber-attack on Sony Pictures Entertainment. In addition, the malware has many similarities with the malware used in "Operation DarkSeoul", the series of attacks against South Korean targets in 2013.
The new sample is named Dtrack. It is closely related to ATMDtrack, a variant discovered on Indian ATMs in 2018 that reads and stores the data of cards inserted into the infected machines. Kaspersky researchers uncovered Dtrack while analysing more than 180 new malware samples with YARA rules and the Kaspersky Attribution Engine, and found that it shares code sequences with ATMDtrack. Dtrack is used as a remote administration tool (RAT) that gives complete control over the infected device: the operators can upload and download files, run processes, log keystrokes, list running processes, and collect browser history and host IP addresses. The targeted organisations were running weak network security policies and password standards, which made the initial compromise easier. Kaspersky warns that the malware is still active and can be turned against a wide range of systems across the financial industry.
Prevention is better than cure. Security log management and threat correlation can surface this kind of intrusion at an early stage: a RAT that reads browser history, enumerates processes and then talks to an outside host leaves a trail of endpoint and network events which, correlated per host and per process, stands out from normal activity. Our next-gen SIEM monitors all events in the environment and flags emerging malware of this type. We offer enterprise security and risk services to monitor, detect and stop potential threats to your organisation.
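To make the correlation idea concrete, here is an added example that is not part of the original article, nor Kaspersky's or our own product's detection content. It runs a small per-process behaviour correlator over constructed endpoint telemetry: the log format, the event names (`process_list`, `file_read`, `net_connect`), the hosts, PIDs and addresses are all assumptions made for the example. The rule flags a single process that, within ten minutes, shows at least three of the RAT behaviours described above (host reconnaissance, reading a browser history database, and connecting to a non-internal address). A browser reading its own history and then going online shows only two of them and is left alone.

```python
"""Toy behaviour correlator for RAT-like activity (constructed example).

Log format (assumed, not a real product's): one event per line,
"<ISO timestamp> host=<name> pid=<n> event=<kind> [key=value ...]".
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry; these are not real Dtrack traces.
SAMPLE_LOG = r"""
2019-09-23T10:00:01 host=ws-14 pid=4412 event=process_list
2019-09-23T10:00:03 host=ws-14 pid=4412 event=file_read path=C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\History
2019-09-23T10:00:04 host=ws-14 pid=4412 event=net_connect dst=10.0.0.5:445
2019-09-23T10:00:05 host=ws-14 pid=4412 event=net_connect dst=203.0.113.10:443
2019-09-23T10:15:00 host=ws-22 pid=900 event=file_read path=C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\History
2019-09-23T10:15:02 host=ws-22 pid=900 event=net_connect dst=198.51.100.7:443
2019-09-23T10:40:00 host=ws-22 pid=1200 event=process_list
2019-09-23T10:41:00 host=ws-22 pid=1200 event=net_connect dst=203.0.113.10:443
"""

# key=value pairs; values may contain spaces (e.g. "User Data"), so a value
# runs until the next " key=" token or the end of the line.
KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Address ranges treated as "inside the network" (assumption for the example).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# File names of common browser history databases (Chrome/Edge, Firefox).
BROWSER_HISTORY_FILES = ("\\History", "places.sqlite")

WINDOW = timedelta(minutes=10)   # how close together the behaviours must be
THRESHOLD = 3                    # distinct behaviours needed for an alert


def parse_line(line):
    """Split a log line into (timestamp, dict of fields)."""
    ts_str, rest = line.split(" ", 1)
    return datetime.fromisoformat(ts_str), dict(KV.findall(rest))


def is_internal(dst):
    """True if "ip:port" points at one of the INTERNAL_NETS ranges."""
    ip = ipaddress.ip_address(dst.rsplit(":", 1)[0])
    return any(ip in net for net in INTERNAL_NETS)


def classify(ev):
    """Map one raw event to a behaviour tag, or None if it is not of interest."""
    kind = ev.get("event")
    if kind in ("process_list", "net_config"):
        return "host_recon"
    if kind == "file_read" and ev.get("path", "").endswith(BROWSER_HISTORY_FILES):
        return "browser_history_read"
    if kind == "net_connect" and not is_internal(ev.get("dst", "0.0.0.0:0")):
        return "external_connect"
    return None


def correlate(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per (host, pid) that shows >= threshold distinct
    behaviours inside any sliding window of the given length."""
    by_proc = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ev = parse_line(line)
        tag = classify(ev)
        if tag:
            by_proc[(ev["host"], int(ev["pid"]))].append((ts, tag))

    alerts = []
    for (host, pid), events in by_proc.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            seen = {tag for ts, tag in events[i:] if ts - start <= window}
            if len(seen) >= threshold:
                alerts.append({"host": host, "pid": pid,
                               "behaviours": sorted(seen),
                               "first_seen": start.isoformat()})
                break  # one alert per process is enough
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

On the constructed input only `ws-14` / PID 4412 is reported: it enumerates processes, reads the Chrome history database and reaches an outside address within seconds. The browser on `ws-22` reads the same file and connects out but never performs reconnaissance, so it stays below the threshold; the connection to 10.0.0.5 is discounted as internal. In a real SIEM the same logic runs as a correlation rule over EDR and proxy events, with the behaviour list extended to file uploads and keystroke capture as the article describes.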