Dtrack RAT Description
The Lazarus group is one of the most active and widely reported Advanced Persistent Threat (APT) actors today. It has been publicly attributed with the WannaCry ransomware outbreak, the 2014 attack on Sony Pictures Entertainment, and many other intrusions against high-profile targets. One of the more recent tools attributed to the Lazarus APT group is Dtrack RAT, a Remote Access Trojan that gives its operators near-complete control over an infected computer. Dtrack RAT is believed to be related to ATMDtrack, a piece of ATM malware found on the systems of Indian banks in 2018. Both tools are attributed to the Lazarus APT group, and ATMDtrack is most likely a stripped-down variant of the broader Dtrack family rather than an unrelated project.
The Dtrack RAT's Code can Reside in the Memory of a System Process
True to form, the Lazarus operators use current malware deployment techniques to cover their tracks and bypass security controls. The Dtrack RAT is typically delivered by a so-far unidentified Trojan dropper that injects the RAT's code into the memory of a running, legitimate Windows process. Because the malicious code never has to exist as a standalone executable on disk and runs under the name of a trusted process, purely file-based, signature-driven scanning is easy to evade. Catching this technique depends on controls that look at behaviour and memory instead: up-to-date endpoint protection with memory scanning, EDR telemetry on process injection (remote thread creation, unexpected writable-and-executable memory regions in system processes), and monitoring of outbound connections from processes that normally make none.
The Dtrack RAT can be Used to Plant Other Malware or Collect Files
When the Dtrack RAT starts, it immediately connects to a pre-configured Command & Control (C2) address. From then on it polls the C2 server for new commands at a fixed interval and executes every pending task as soon as it is received. The operators can change the polling interval, and they can also:
- Upload or download files to the compromised computer and launch them.
- Grant startup persistence to files they choose.
- Copy the contents of a folder, partition, or hard drive to their control server.
- Update the Dtrack RAT or remove it.
The number of victims affected by the Dtrack RAT is still low, and researchers have not identified a specific initial-access vector used to deliver it. The most plausible routes are the usual ones: exploitation of vulnerable, Internet-facing services and software, unpatched operating systems, or poorly segmented and weakly authenticated networks.
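The fixed-interval C2 polling described above is one of the few behaviours of the RAT that a defender can look for without knowing its file hash or injected process. The following is an added example, not code from the original page or from any Dtrack analysis: a small beaconing detector that reads constructed proxy-log lines (the host names, addresses and timestamps below are made up for the example) and flags source/destination pairs whose connection gaps are too regular to be human-driven. It uses the coefficient of variation of the inter-connection gaps; a timer-driven check-in has a value near zero, while browsing traffic to the same destination does not.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not from any real incident or from the page).
# Format assumed for the example: "<ISO timestamp> <source host> <destination> <bytes>"
SAMPLE_LOG = """\
2019-09-23T08:00:00 ws-014 10.10.5.20 412
2019-09-23T08:00:05 ws-014 cdn.example.net 9120
2019-09-23T08:05:00 ws-014 10.10.5.20 415
2019-09-23T08:07:31 ws-014 cdn.example.net 3001
2019-09-23T08:10:00 ws-014 10.10.5.20 410
2019-09-23T08:15:01 ws-014 10.10.5.20 414
2019-09-23T08:20:00 ws-014 10.10.5.20 412
2019-09-23T08:21:49 ws-014 cdn.example.net 12044
2019-09-23T08:25:00 ws-014 10.10.5.20 418
2019-09-23T08:30:00 ws-014 10.10.5.20 411
"""


def parse_log(text):
    """Parse the constructed log lines into (timestamp, src, dst, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(size)))
    return events


def find_beacons(events, min_events=5, max_cv=0.1):
    """Return {(src, dst): (mean_gap_seconds, cv, connection_count)} for every
    source/destination pair whose inter-connection gaps are regular enough to
    look like a polling implant.

    cv is stddev(gaps) / mean(gaps). A process on a timer produces a cv close
    to 0 (a little jitter from scheduling is tolerated by max_cv); interactive
    traffic to the same host produces a much larger value. Pairs with fewer
    than min_events connections are skipped because a handful of gaps says
    nothing about regularity.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _size in events:
        by_pair[(src, dst)].append(ts)

    results = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:          # all connections in the same second: not polling
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            results[pair] = (avg, cv, len(stamps))
    return results


if __name__ == "__main__":
    for (src, dst), (avg, cv, count) in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: {count} connections, every {avg:.0f}s (cv={cv:.4f})")
```

In the constructed data the connections from ws-014 to 10.10.5.20 arrive every 300 seconds with one second of jitter and are reported; the three connections to cdn.example.net are too few and too irregular to qualify. On real logs the thresholds need tuning, and legitimate software (update checkers, monitoring agents) also beacons, so the output is a lead for an analyst to pair with the process that made the connection, not a verdict by itself.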