Dtrack RAT

Dtrack RAT Description

The Lazarus group is currently one of the most active and best-known names in cybercrime. They were the hackers behind the infamous WannaCry Ransomware attacks, the hack against Sony Entertainment, and many other attacks against high-profile targets. One of the recent tools believed to originate from the Lazarus Advanced Persistent Threat (APT) group is Dtrack RAT, a Remote Access Trojan that allows its operators to take almost complete control over infected computers. It is believed that the Dtrack RAT is related to ATMDtrack, a piece of ATM malware that was found on the computers of Indian banks in 2018. Both tools are developed and used by the Lazarus APT group, and it is likely that ATMDtrack is a stripped-down version of the Dtrack RAT.

The Dtrack RAT's Code can Reside in the Memory of a System Process

The hackers from Lazarus stay true to their style and use state-of-the-art malware deployment techniques to cover their tracks and bypass security measures. The Dtrack RAT is often used in combination with an unidentified Trojan dropper that can inject malicious code into the memory of running system processes, tricking anti-virus engines into thinking that the malicious code is an important Windows process. Of course, trustworthy and regularly updated antivirus products will not fall for this trick, and they can keep your computer protected.

The Dtrack RAT can be Used to Plant Other Malware or Collect Files

When the Dtrack RAT is initialized, it immediately connects to the pre-configured address of its Command & Control server. The RAT checks for new commands at a specific time interval and executes all pending tasks immediately. The attacker can configure the time interval between command checks, and they can also:

  • Upload or download files to the compromised computer and launch them.
  • Grant startup persistence to files they choose.
  • Copy the contents of a folder, partition, or hard drive to their control server.
  • Update the Dtrack RAT or remove it.
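The fixed-interval command checks described above leave a timing pattern that defenders can look for in proxy or flow logs. The following is an added example, not code from the original page: it flags host-to-destination pairs whose connection gaps are nearly constant without assuming any particular interval. The log format, addresses (documentation ranges), function names and thresholds are all assumptions made for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines: timestamp, internal host, destination.
# Addresses are from documentation ranges; none come from the page.
SAMPLE_LOG = """\
2024-01-10T09:00:00 10.0.0.5 203.0.113.10
2024-01-10T09:00:07 10.0.0.8 198.51.100.20
2024-01-10T09:05:01 10.0.0.5 203.0.113.10
2024-01-10T09:06:40 10.0.0.8 198.51.100.20
2024-01-10T09:10:00 10.0.0.5 203.0.113.10
2024-01-10T09:14:59 10.0.0.5 203.0.113.10
2024-01-10T09:20:00 10.0.0.5 203.0.113.10
2024-01-10T09:31:15 10.0.0.8 198.51.100.20
2024-01-10T09:33:02 10.0.0.8 198.51.100.20
2024-01-10T09:58:44 10.0.0.8 198.51.100.20
"""

def parse(log_text):
    """Group connection timestamps by (source, destination) pair."""
    pairs = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        pairs[(src, dst)].append(datetime.fromisoformat(ts))
    return pairs

def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Return (pair, mean_gap_seconds, cv) for pairs with near-constant gaps."""
    # The interval is operator-configurable, so only regularity is tested:
    # coefficient of variation (stdev / mean) of the gaps between connections.
    hits = []
    for pair, times in parse(log_text).items():
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            hits.append((pair, round(mean), round(cv, 3)))
    return hits

if __name__ == "__main__":
    for (src, dst), interval, cv in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: ~{interval}s interval, cv={cv}")
```

Legitimate software such as update checkers also polls on a timer, so a hit is a lead for triage against the destination and the originating process, not a verdict.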

The number of victims affected by the Dtrack RAT is still very low, and cybersecurity experts have not been able to identify a precise security hole that the Lazarus hackers might have used to deliver the threatening program. It is likely that they attempt to exploit vulnerable services and software, unpatched operating systems, or poorly secured networks.
