Cybersecurity researchers with Kaspersky Lab say that hackers working for the North Korean government have been targeting ATM machines in India with a new strain of payment card skimming malware. The campaign has been active since last summer.
The malware used in the attacks is called ATMDTrack, which is linked to a bigger remote access trojan (RAT) dubbed DTrack that is used in cyber espionage campaigns targeting Indian financial institutions and research centers. The researchers said the malware resembled a campaign by the notorious Lazarus group that is controlled by North Korea’s primary intelligence agency, the Reconnaissance General Bureau. Earlier this month. the US Department of Treasury imposed sanctions on the Lazarus group and two other North Korean hacking groups.
Read more: North Korean hackers are targeting ATMs in India with new data-stealing malware