Security experts discovered a malware that’s intended to exploit ATMs of India Banks and steal customers’ sensitive information. The malware, dubbed ATMDtrack, allows the attackers to read and store customers’ card data when they are inserted into the infected ATMs.
According to Konstantin Zykov, a researcher at Kaspersky Labs, the attacker who created the ATMDtrack has been traced to the cyber-hacking outfit Lazarus Group controlled by North Korea’s primary intelligence bureau.
The scandalous Lazarus Group is a prime suspect in a series of cyber-muggings, including the cyber- attack on Sony Pictures Entertainment in 2014, and the WannaCry ransomware attack in 2017.
North Korea was accused multiple times earlier for stealing valuable information and cryptocurrencies. Through the years, North Korea has been linked to a series of cyber-attacks, either to display its cyber prowess or just to fund their activities. One of the most brazen attacks occurred in February 2016 when hackers tried to steal $101 million from a Bangladesh Central Bank account at the New York Federal Reserve, and move it to Sri Lanka.
“Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victim’s ATMs, where it could read and store the data of cards that were inserted into the machines. Naturally, we wanted to know more about that ATM malware, so we used YARA and Kaspersky Attribution Engine to uncover more interesting material: over 180 new malware samples of a spy tool that we now call Dtrack,” said Konstantin Zykov in a statement.
“When we first discovered ATMDtrack, we thought we were just looking at another ATM malware family because we see new ATM malware families appearing on a regular base. However, this case proved once again that it is important to write proper YARA rules and have a solid working attribution engine because this way you can uncover connections with malware families that have appeared in the past. One of the most memorable examples of this was the WannaCry attribution case,” Zykov added.
