Indian ATM machines targeted by North Korean malware to steal data

North Korean hackers have been observed using a new malware strain that can be planted on ATM systems and used to record and steal data from payment cards inserted into a machine.

The new malware has been named by Kaspersky experts ATMDtrack and has been spotted on the networks of Indian banks since late summer 2018. Kaspersky researchers said that the malware strain had many similarities with the malware used in ‘Operation DarkSeoul’, which is a series of attacks aimed against South Korean targets in 2013.

Those attacks have been attributed to the Lazarus Group, a cyber-espionage outfit operating for the North Korean government. In September 2019, the US Treasury had sanctioned the North Korean hacker group for orchestrating cyber-attacks on banks, ATM networks, gambling sites, online casinos, and cryptocurrency exchanges to steal money from legitimate businesses and raise funds for the country's weapons and missile programs.

Thus, the discovery of the ATMDTrack malware strain comes to support and justify the US Treasury's decision to sanction any entities associated with this group, fitting right into Lazarus' normal mode of operation, according to ZDnet.