Kaspersky researchers have disclosed that they found samples of malware called “Dtrack” from enterprises in India. Dtrack is a Remote Access Trojan (RAT) capable of recording keystrokes, retrieving browser history, uploading or downloading files and much more.
According to recent reports, Dtrack malware is prevalent across Indian states including Maharashtra, Karnataka, and Telangana. The researchers obtained over 180 malware samples, of which about 24 percent were found in Maharashtra, 18.5 percent in Karnataka and 12 percent in Telangana. Dtrack has also affected other states, including West Bengal, Uttar Pradesh, Tamil Nadu, Delhi, and Kerala.
“The vast amount of Dtrack samples that we were able to find shows that the Lazarus group is one of the most active APT groups in terms of malware development. We first saw early samples of this malware family in 2013, when it hit Seoul. Now, six years later, we see them in India, attacking financial institutions and research centers,” wrote Konstantin Zykov, Kaspersky’s Security Researcher, in a malware description post.
It is worth noting that Kaspersky researchers discovered similar malware last year named ATMDtrack, which targets ATM credentials. Dtrack was uncovered while the researchers were conducting further studies of the functional behavior of ATMDtrack.
The group behind ATMDtrack is behind Dtrack malware as well, according to Kaspersky’s findings. “A command-and-control transport protocol custom implementation is the same for both campaigns. Because of these discoveries, we are quite confident that Dtrack is tied to the Lazarus Group,” said Mr. Zykov.
The Russian cybersecurity firm says that weak network security policies, password policies and a lack of traffic monitoring make enterprises an easy target for Dtrack. To prevent Dtrack attacks, Kaspersky advises enterprises to tighten their network & password policies, and to use traffic monitoring and antivirus solutions.