Kaspersky has recently disclosed that samples of the Dtrack malware are affecting enterprises in over 15 Indian states, including Maharashtra, Karnataka, and Telangana.
Dtrack is a remote administration tool, or remote access trojan (RAT), used to spy on victims and to gain easy access to sensitive data. A RAT can record keystrokes and browser history, and can upload and download files.
Its capabilities are not limited to these. It also supports:
- Keylogging,
- Retrieving browser history,
- Collecting host IP addresses,
- Collecting information about available networks and active connections,
- Recording and sending the list of all running processes,
- Listing the contents of all accessible disk volumes.
In a blog post, Kaspersky reports that it has found over 180 samples of the Dtrack RAT. The largest share, 24%, was found in Maharashtra, followed by 18.5% in Karnataka and 12% in Telangana. Uttar Pradesh, Tamil Nadu, Kerala, West Bengal, and Delhi are also affected by the same malware.
The report further states: “The vast amount of Dtrack samples that we were able to find shows that the Lazarus group is one of the most active APT groups in terms of malware development. They continue to develop malware at a fast pace and expand their operations. We first saw early samples of this malware family in 2013, when it hit Seoul. Now, six years later, we see them in India, attacking financial institutions and research centers. And once again, we see that this group uses similar tools to perform both financially-motivated and pure espionage attacks.”
The Dtrack family also includes the ATMDtrack malware, which became known in 2018 for breaching Indian automated teller machines (ATMs) and stealing customer card information.
After successfully spying on a target, criminals can gain partial control over the network. Kaspersky further advised companies to tighten their password and security policies, use traffic monitoring tools, and improve their network policies.