Cases of Indian ATMs being infected with a specific piece of malware have been growing over the past few weeks. ATMDtrack, as it was officially designated, has supposedly been targeting various financial institutions within the country and is believed to be North Korean in origin.
According to Kaspersky Lab, ATMDtrack is actually just part of an even more complex trojan, Dtrack, which provides the base code for many other spy tools used for other hacking purposes. As its name suggests, ATMDtrack is the ATM version of the malware. Discovered in 2018, it has the same basic capabilities of directly tracking and eventually taking control of infected devices and units.
The discovery made a few days ago was that this very same malware had been spotted on a few select ATMs in India over the previous weeks. The main objective, it seems, is to directly steal money. However, financial institutions aside, a few research centers were also targeted specifically by ATMDtrack, so it is also possible that the malware was installed for the purposes of cyber-espionage and operational sabotage.
Analysis of the malware’s code and use strongly points to an organization known as the Lazarus group. It is unofficially known as the main hacking group in North Korea, conducting all kinds of cyber-attacks for many different objectives, perhaps central to the purposes of the country it is working for.
In fact, traces of the Dtrack code found in ATMDtrack point directly to the huge cyber-attack incident of 2013 in South Korea. According to Trend Micro, similarly coded malware attacked several banks and broadcast stations within the country, targeting their data storage systems and wiping them clean.
As for countermeasures, Kaspersky Lab has suggested several steps and procedures in its official press release that may help other Indian financial institutions (and perhaps institutions from other countries later on) prevent any breach of digital security that may occur if an attempt to install the malware is made.
Additionally, those who want more technical details about Dtrack can visit Kaspersky’s official Dtrack Securelist page.