The backdoor DTrack, widely used by the North Korean Lazarus group over the last three years, is still being deployed to target organizations in Europe, the US and Latin America. According to Kaspersky, DTrack has been used in financial environments to breach ATMs in ransomware attacks and in campaigns against a nuclear power plant in India.
DTrack allows criminals to upload, download, start or delete files on the victim host. Among the tools available within the DTrack toolset are a keylogger, a screenshot maker and a module for gathering victim system information.
The DTrack backdoor continues to be used actively by the Lazarus group. Modifications in the way the malware is packed are an indication of how valuable this tool is for the Lazarus group.
As part of our proactive actions, Security On-Demand is monitoring all our customers' infrastructure through the use of our platforms and the indicators of compromise available for this tool. SOD is also constantly monitoring the web for any new IoC that might become available.
Please contact your Security On-Demand Customer Success Manager if you have any questions about this alert.