Article 4R0WA Busy North Korean hackers have new malware to target ATMs

Busy North Korean hackers have new malware to target ATMs

by
Dan Goodin
from Ars Technica - All content on (#4R0WA)
atm-jaipur-800x533.jpg

Enlarge / ATM in the Indian city of Jaipur. (credit: PeS-Photo / Flickr)

Hackers widely believed to work for North Korea's hermit government have developed a new strain of malware that steals data used at automatic teller machines in India, researchers from Kaspersky Lab said on Monday.

One piece of malware, dubbed ATMDtrack by researchers with the Moscow-based security firm, has been targeting Indian ATMs since last summer. It allows its operators to read and store data associated with cards that are inserted into infected ATMs. As researchers with the Moscow-based security firm investigated further, they found that the ATM malware was part of a larger remote-access trojan that carries out traditional espionage activities. Dubbed "Dtrack," it was used as recently as this month to target financial institutions and research centers.

Dtrack payloads were carefully encrypted with utilities known as packers, which made it hard for researchers to forensically analyze the malware. As the researchers analyzed the memory of infected devices, they found that both ATMDtrack and Dtrack shared unique code sequences. When company researchers peeled away the layers of encryption and began analyzing the final payload, they saw pieces of code that were first used in a 2013 attack that wiped the hard drives of South Korean banks and broadcasters. The campaign, known as DarkSeoul, was eventually tied to Lazarus Group, the main hacking arm of the North Korean government.

Read 6 remaining paragraphs | Comments

index?i=9Pw5yy0K6c8:a4tiY7Tpa4c:V_sGLiPB index?i=9Pw5yy0K6c8:a4tiY7Tpa4c:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments