Dtrack RAT - New Malware

Dtrack RAT: The Malware Targeting Indian Financial Institutions

The Dtrack RAT has been attributed to the Lazarus group, which is said to be fairly active in terms of malware development.

The infected states include West Bengal, Uttar Pradesh, Tamil Nadu, Delhi, and Kerala, said Kaspersky, explaining that Dtrack is a spy tool that had been spotted in Indian financial institutions and research centers last year.




Researchers from Kaspersky discovered the Dtrack spy tool while analyzing the ATMDtrack malware that was targeting Indian banks. The droppers were found to contain several executables for spying purposes.

A few payload executables were found to be capable of listing running processes, listing files on all disk volumes, harvesting details about available networks and active connections, stealing host IP addresses, and keylogging.

Some executables pack the collected data into a password-protected archive and save it to disk. Other executables send the data directly to their command-and-control server.

Aside from the aforementioned executables, the droppers also contained a remote access Trojan (RAT). The RAT executable allows criminals to perform various operations on a host, such as uploading/downloading, executing files, etc., said the researchers.

To avoid being affected by malware such as Dtrack RAT, Kaspersky recommended that organizations tighten their network and password policies and perform a regular security audit of their IT infrastructure.




