In India, the case of people who have bank accounts, the information of their ATMs was stolen from malware. This work is being done by the Lazarus Group of North Korea. It is being controlled by the Primary Intelligence Bureau Reconnaissance General Bureau there. The Lazarus Group came into the limelight in 2014 when it attacked malware at Sony Pictures Entertainment. In 2017, it has also attacked the WannaCry ransomware in several countries including the US and UK.
Regarding this, security researcher Constantin Jayakov of the Kaspersky Global Research and Analysis team said, “Lazarus is a group that focuses on cyberspace or subbot operations. It has also been found to be involved in a number of malware attacks. It is aimed at people only. To steal the money. ” Caspersky researchers detected ATMDtrack, a banking malware. It was targeting Indian banks in 2018. Researchers reported that the malware was designed to plant in Victim’s ATM card, from where it could read and store data when the card was inserted into the machine. Later, with the help of this data, bank holders’ money can be easily stolen.
Researchers found 180 new malware samples, which had similar code sequences as ATMDtrack. According to the different list of their works, they have been considered as Spy Tool Dtrack. According to Indian Financial Caspersky researchers, with the help of Detrack spyware found at Institutions and Research Centers, files could be uploaded or downloaded to Victim’s system. It also acted like the Malicious Remote Administration Tool (RAT), and could record which buttons the user pressed. DeTrack could function like a remote administration tool. This would give the hackers complete control over the infected device. Then they used to change the settings of the device to upload or download files. This first victimized the institutions with weak network security policy. Caspersky then alerts that the malware is still active.