Dtrack is a notorious North Korean linked virus that has been used to hack several organizations and facilities across the world, including the Nuclear Power Corporation of India, Sony Entertainment, and ATM banks in the subcontinent.
It is believed that the elusive North Korean hacker group called Lazarus is behind the malware entity. In the Indian ATM attacks, the malware was used to read the victims ATM card details and store the data on these cards. A more enhanced version of the malware was used for an attack on South Korean financial institutions as well as to aid the spread of the WannaCry ransomware that attacked thousands of computers across the globe.
What Can the Dtrack Malware Do?
True to the style of the Lazarus Group, the Dtrack malware is a very sophisticated virus that is capable of using state-of-the art deployment techniques that help it evade even the best anti-malware defenses. It can inject malicious codes directly into a computer’s memory in a strategy that is meant to make it undetectable by antivirus programs.
Upon execution, the Dtrack malware will connect to a pre-configured address that serves as a command and control center. Having connected to the C&C, it will wait for commands that are normally issued periodically. The Lazarus group can also upload and download files on the contaminated device, select autostart items, copy and paste the contents of a folder or file to their command and control center, and update the Dtrack remote access Trojan or remove it.
Cybersecurity researchers point out the Dtrack malware serves a number of goals for the North Korea regime. They include espionage, intelligence gathering, financial gain, and as an offensive weapon against adversaries.
The 2014 Sony Pictures hack is one example of the malware being used as an offensive weapon. The malware entities used for this large-scale attack compromised hundreds of computers at Sony Pictures and stole the personal data of Sony Pictures employees, their families, friends, emails between employees, copies of unreleased films, film scripts, executive pay packages, and a lot of other information.
The hackers behind the attack demanded that Sony withdraw an upcoming film titled the Interview, which was a comedy based on a plot to assassinate the North Korean leader. They also demanded monetary compensation in exchange for the stolen data.
With such capabilities, the Dtrack malware is not a threat to be taken lightly, and should you suspect that your computer has been infected by this very nasty RAT, you need to remove it ASAP.
How to Remove Dtrack Malware
Although sophisticated and elusive, removing the Dtrack malware is now a simple matter. This is because following the 2014 Sony Pictures hack and the subsequent WannaCry ransomware campaign, Dtrack has become one of the most studied malware entities which means that many anti-malware defense systems have learned to recognize its signatures and behavior patterns.
Thus, if you suspect that your computer has been compromised by Dtrack, or if your anti-malware software points this out, restart your device on Safe Mode immediately, and allow the antivirus to perform a deep cleanse of your system.
After the software has done its job, clean your computer with a PC repair tool to delete any potential vectors, such as infected downloads, or temporary files that play host to the virus. The PC repair tool will also help repair broken registry entries and delete the ones that were created by the Dtrack malware.
While it is easy to get rid of the Dtrack malware, it is difficult to protect your device against infections as it is not that clear how the malware is distributed. There is, however, strong suspicion that the Lazarus group depends on infected email attachments, drive-by downloads, mal-adverts, and other malware entities to contaminate computers. Dtrack can also spread horizontally across an entire network suggesting that you don’t even have to do anything to have your computer infected.
With this information in mind, we suggest that you avoid opening email attachments from unknown sources. Also, update your PC to the latest version of the Windows OS as that way, you will enjoy the latest Microsoft security patches. Finally, if you are part of an organization or office, make sure that everyone understands the risks associated with malware entities such as the Dtrack Trojan as that way, everyone can play their part in avoiding a catastrophe.