Busy North Korean hackers have new malware to target ATMs – Ars Technica
Tagged: Security_S12
September 28, 2019 at 6:57 am #36289
#News(Security) [ via IoTGroup ]
Busy North Korean hackers have new malware to target ATMs
Not your father’s ATM malware
Hackers widely believed to work for North Korea’s hermit government have developed a new strain of malware that steals data used at automatic teller machines in India, researchers from Kaspersky Lab said on Monday.
One piece of malware, dubbed ATMDtrack by researchers with the Moscow-based security firm, has been targeting Indian ATMs since last summer.
It allows its operators to read and store data associated with cards that are inserted into infected ATMs. As researchers with the Moscow-based security firm investigated further, they found that the ATM malware was part of a larger remote-access trojan that carries out traditional espionage activities.
Dtrack payloads were carefully encrypted with utilities known as packers, which made it hard for researchers to forensically analyze the malware.
As the researchers analyzed the memory of infected devices, they found that both ATMDtrack and Dtrack shared unique code sequences.
When company researchers peeled away the layers of encryption and began analyzing the final payload, they saw pieces of code that were first used in a 2013 attack that wiped the hard drives of South Korean banks and broadcasters.
The campaign, known as DarkSeoul, was eventually tied to Lazarus Group, the main hacking arm of the North Korean government.
“When we first discovered ATMDtrack, we thought we were just looking at another ATM malware family, because we see new ATM malware families appearing on a regular base [sic],” Kaspersky Lab researcher Konstantin Zykov wrote in a post published Monday.
The reused code made clear that Dtrack and ATMDtrack were actually the work of the same group of hackers behind the 2013 attack that wreaked havoc on South Korea.
Lazarus first landed on the radar of many security researchers following the destructive hack on Sony Pictures in late 2014.
The more than 180 samples of Dtrack Kaspersky Lab has found circulating in the wild demonstrate yet another campaign of this now-prolific hacking group.