ATMDtrack

The Lazarus group have been experimenting with a new piece of ATM malware that was first used against Indian banks in 2018. However, it is likely that this will not be the last time we hear about ATMDtrack, a product of the hackers from Lazarus. This malware is fairly limited in terms of functionality – unlike other ATM malware families, it does not focus on causing harm to the bank by emptying the cash cassettes of the ATM device. Instead, it serves the purpose of collecting the credit card details of all customers of the ATM silently and then exfiltrating them to a remote Command & Control server operated by the attackers.

The ATMDtrack shares a lot of similarities in terms of code with the Dtrack RAT, another tool that is part of the hacking toolkit of the North Korean hackers known as Lazarus. It is believed that the ATMDtrack was developed as a smaller, stand-alone project meant to be used against banks exclusively. The Dtrack RAT, on the other hand, is more flexible and functional and can be used in attacks against all kinds of targets.

ATMDtrack Has Been Used against Indian Banks Exclusively So Far

The banks affected by the ATMDtrack's attack are likely to have used outdated operating systems and software that enabled the Lazarus hackers to take advantage of known security holes. It also is possible that the hackers may have used clever social engineering techniques to acquire login credentials from employees.

ATMDtrack is not one of the most sophisticated ATM malware families that researchers have encountered certainly, but the fact that it was made of the Lazarus group is a sure sign that it must not be underestimated. The infamous North Korean hackers are responsible for some of the largest cyberattacks in the last decade, and anything coming out of their toolkit is considered to be a major threat.