Top 3 states detected with Dtrack samples: Maharashtra, Karnataka and Telangana

At a recent event in Delhi, Kaspersky discussed its discovery of Dtrack, a previously unknown spy tool that had been spotted in Indian financial institutions and research centres.

 In 2018, Kaspersky researchers discovered ATMDtrack – malware created to infiltrate Indian ATMs and steal customer card data. Following further investigation using the Kaspersky Attribution Engine and other tools, the researchers found more than 180 new malware samples that had code sequence similarities with the ATMDtrack – but at the same time clearly were not aimed at ATMs. Instead, their list of functions defined them as spy tools – now known as Dtrack. Moreover, not only did the two strains share similarities with each other but also with the  2013 DarkSeoul campaign which was attributed to Lazarus – an infamous advanced persistence threat actor responsible for multiple cyberespionage and cyber-sabotage operations.

The Dtrack samples were detected from as many as 18 states in India, where 24% were found in Maharashtra, followed by Karnataka (18.5%) and Telangana (12%). The other main infected states include West Bengal, Uttar Pradesh, Tamil Nadu, Delhi, Kerala.

Dtrack can be used as a remote admin tool (RAT), giving threat actors complete control over infected devices. Criminals can then perform different operations, such as uploading and downloading files and executing key processes.

The event saw Mr. Konstantin Zykov, Security Researcher at Kaspersky’s Global Research and Analysis Team, Kaspersky explaining about Dtrack, “A large amount of Dtrack samples we found demonstrate that Lazarus is one of the most active APT groups, constantly developing and evolving threats in a bid to affect large-scale industries and seeking to evade detection. Their successful execution of Dtrack RAT proves that even when a threat seems to disappear, it can be resurrected in a different guise to attack new targets.”

Saurabh Sharma, Senior Security Researcher (GReAT), Kaspersky (APAC), said, “Although we have seen the number of local threats in India have decreased in the last quarter compared to last year, India is still consistently ranked as Top 10 countries in Kaspersky’s Cybermap Real Time Threat. This shows that India still needs to continue increasing its cybersecurity efforts, and the advanced persistent threat attack highlights the importance of investing in threat landscape intelligence.”