Dtrack, a RAT recently discovered by Kaspersky, targets Indian financial institutions. It is very dominant in terms of malware development and is used for cyberattacks specifically on financial institutions such as banks. Researchers discovered the Dtrack spy tool while analysing the ATMDtrack malware that was targeting Indian banks.
Maharashtra tops the list of 18 Indian states where samples of the “Dtrack” malware were found. The largest share of ‘Dtrack’ samples was found in Maharashtra (24%), followed by Karnataka (18.5%) and Telangana (12%). The other infected states include West Bengal, Uttar Pradesh, Tamil Nadu, Delhi and Kerala, said the firm, explaining that Dtrack is a spy tool which had been spotted in Indian financial institutions and research centres last year.
The newly discovered malware is active and, based on Kaspersky telemetry, is still used in cyberattacks, said the research.
Details of research:
- Dtrack can be used as a Remote Admin Tool (RAT), giving threat actors complete control over infected devices. “Threat actors can perform actions such as uploading and downloading files and executing key processes.”
- Organizations targeted by threat actors using the Dtrack remote administration tool often have weak network security policies and password standards, while also failing to track traffic across the organisation, said the research.
- The malware can list all available files and running processes, log keystrokes, and collect browser history and host IP addresses, including information about available networks and active connections.
- This newly discovered malware is active and is still used in cyberattacks, according to Kaspersky. “When such malware is executed successfully, it proves that even when a threat seems to disappear, it can be resurrected in a different guise to attack new targets,” said the research.
- Researchers believe that a part of the old code was reused in the attacks against the Indian financial sector. The last detected activity of Dtrack was in early September 2019.
Saurabh Sharma, Senior Security Researcher, Global Research and Analysis Team (GReAT), Kaspersky (APAC), said: “Although we have seen the number of local threats in India decreasing in the last quarter compared to last year, the country is still consistently ranked among the top 10 countries in Kaspersky’s Cybermap Real Time Threat.”
Suggestions to avoid attacks:
Organisations are advised to conduct regular security training sessions for staff, use traffic monitoring software such as Kaspersky Anti Targeted Attack Platform (KATA), and use anti-virus solutions.
They are also advised to tighten their network and password policies and to perform regular security audits of their IT infrastructure in order to remain safe from malware such as Dtrack RAT.