What is Dtrack, the spytool that is to blame for attacks on Indian financial institutions?

Dtrack samples were found to infect computers in 18 states in India.

ET Bureau | Oct 22, 2019, 06.13 PM IST
Cybersecurity firm Kaspersky announced the discovery of Dtrack, a hitherto undetected spytool which has proliferated across Indian financial institutions and research centres. The new spyware is a different strain of the ATMDtrack malware that was discovered in 2018. ATMDtrack was created to infiltrate ATMs in the country and siphon customers' card data.

The investigation resulted in the identification of 180 new malware samples whose code held similarities with ATMDtrack. However, the new variants were not created to target ATMs. They are intended to be spy tools, tracking transaction data at financial institutions. ATMDtrack and Dtrack share similarities with the 2013 DarkSeoul campaign, whose origins were traced to Lazarus – an advanced persistent threat actor that was used for multiple cyber sabotage and espionage operations.

“The large amount of Dtrack samples we found demonstrates that Lazarus is one of the most active APT groups, constantly developing and evolving threats in a bid to affect large-scale industries and seeking to evade detection. Their successful execution of Dtrack RAT proves that even when a threat seems to disappear, it can be resurrected in a different guise to attack new targets,” said Konstantin Zykov, Security Researcher at Kaspersky’s Global Research and Analysis Team, at an event in New Delhi.

Dtrack samples were found to infect computers in 18 states in India. A fourth of all affected systems were in Maharashtra (24 per cent), followed by Karnataka (18.5 per cent) and Telangana (12 per cent). The other major states where financial institutes were targeted by Dtrack include Tamil Nadu, Delhi, Kerala, and West Bengal.

The spyware in question is employed as a remote admin tool (RAT), enabling threat actors to exert complete control over infected devices. They can then perform a host of operations such as uploading and downloading files, and executing key processes that are integral to businesses.

“Although we have seen that the number of local threats in India has decreased in the last quarter compared to last year, India is still consistently ranked among the Top 10 countries in Kaspersky’s Cybermap Real Time Threat. This shows that India still needs to continue increasing its cyber security efforts, and the advanced persistent threat attack highlights the importance of investing in threat landscape,” said Saurabh Sharma, Senior Security Researcher (GReAT), Kaspersky (APAC).

Copyright © 2019 Bennett, Coleman & Co. Ltd. All rights reserved. For reprint rights: Times Syndication Service