Dtrack Malware Detected in Financial Institutions in India: Kaspersky

HIGHLIGHTS
  • Maximum ‘Dtrack’ samples were found in Maharashtra
  • Karnataka was second, followed by Telangana
  • Dtrack is a spy tool spotted in Indian financial institutions last year

Maharashtra tops the list of 18 Indian states where samples of the “Dtrack” malware have been detected in financial institutions, raising significant concern for security systems, research by Russia-based cyber security firm Kaspersky revealed.

The maximum ‘Dtrack’ samples were found in Maharashtra (24 per cent) followed by Karnataka (18.5 per cent) and Telangana (12 per cent), said Kaspersky.

The other infected states include West Bengal, Uttar Pradesh, Tamil Nadu, Delhi and Kerala, said the firm, explaining that Dtrack is a spy tool which had been spotted in Indian financial institutions and research centres last year.

Underlining the security concerns, the firm said that the newly-discovered malware is “active and based on Kaspersky telemetry”, and is still used in “cyber attacks”.

The firm said that its researchers in 2018 discovered “ATMDtrack” – malware created to infiltrate Indian Automated Teller Machines (ATMs) and steal customer card data.

“Following further investigation using the Kaspersky Attribution Engine and other tools, the researchers found more than 180 new malware samples which had code sequence similarities with the ATMDtrack – but at the same time clearly were not aimed at ATMs,” Kaspersky said.

“Instead their list of functions defined them as spy tools – now known as Dtrack.”

Moreover, not only did the two strains share similarities with each other, but also with the 2013 Dark Seoul campaign which was attributed to Lazarus – an infamous advanced persistent threat actor responsible for multiple cyberespionage and cyber sabotage operations, Kaspersky said.

As per the firm, Dtrack can be used as Remote Admin Tool (RAT), giving threat actors complete control over infected devices. “Criminals can then perform different operations, such as uploading and downloading files and executing key processes.