The discovery was made last month by the cybersecurity firm Kaspersky precisely that division GReAT for "Global Research – Analysis Team".
This team made a discovery, it concerns spyware that had long gone unnoticed. He was not known yet, but he has targeted various financial institutions and other research centres around the world.
This article will also interest you: Who are the dumbest hackers in the world?
This spy program is called "Dtrack." According to Kaspersky's team, it was designed by the group of cyber criminals named "Lazarus".
This program serves essentially to download important documents on the system of victims it infects. This software also records keystrokes and other activities specifics related to the application that are RAT type, to get administrator privileges.
this makes it possible to make a comparison with other computer program that was discovered by the same team of Kaspersky researchers in 2018 in India specifically. He called himself ATMDtrack. which was a program designed to infiltrate ATMs with the aim of stealing certain information related to bank cards.
Following an investigation conducted using a computer security tool developed by Kaspersky Attribution Engine (Kaspersky Attribution Engine), it was discovered that there were more than 180 samples of new software from this malware, adopting the same characteristics quite similar to ATMDtrack. But they don't go after ATMs. He is particularly angry with the data. Also they serve as spyware. Referring to the strain, they were called Dtrack.
It is known that these two things had in common some elements that were perceived during the 2013 hacking campaign called darkSeoul, a computer attack that was attributed to the Lazarus group, classified as a persistent threat advanced in other words APT. This group is responsible for several computer attacks of all kinds. Ranging from cyberespionage to sabotage, he has left an indelible mark on the world of hackers.
In addition, the new Dtrack tools have also been used as "RAT" remote means of administration. This of course allows its users to take control of the systems they manage to infect. They will then be able to download it, edit files or perform actions that will allow it to have total control over their victims.
the the most affected victims of these activities of the Lazarus malware are usually these institutions that tend to overlook some key aspects of their computer security. The network security policy is very weak and there is a level of neglect traffic usually makes it easier for hackers to get easily to implant their malware and often even use it as you please. like it was mentioned above it allows to make keystroke recorders, collect data relating to navigation, identifiers Etc.
According to Kaspersky, this malware is still active and is used in several cyberattacks: "Lazarus is a rather unusual group, funded by a state. On the one hand, like many other similar groups, it focuses on cyberespionage or cyber-sabotage operations. Yet, on the other hand, it is also established that it influences attacks clearly aimed at stealing money. This second aspect is quite exceptional for a malicious actor of this level because, generally, the operations of other comparable players have no financial motivations.
The large amount of Dtrack samples we discovered shows that Lazarus is one of the most active APT groups, constantly developing and evolving threats in the hope of reaching large-scale sectors. The success of this group's execution of the RAT Dtrack proves that even when a threat appears to have disappeared, it can resurface in another form to attack new targets. Even research centres and financial institutions operating exclusively in the commercial sector, unrelated to the government, must nevertheless consider in their threat model the risk of an attack by a sophisticated malicious actor and prepare for it accordingly," explained Konstantin Zykov, security specialist in Kaspersky's GReAT team.
The cybersecurity firm also assured that its tools can block and even destroy these malware.
Now access an unlimited number of passwords: