North Korean hackers target European orgs with updated malware


North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America.

DTrack is a modular backdoor with a keylogger, screenshot capture, browser history retrieval, enumeration of running processes, collection of IP address and network connection information, and more.

Apart from spying, it can also run commands to perform file operations, fetch additional payloads, steal files and data, and execute processes on the compromised device.

The new malware version doesn’t feature many functional or code changes compared to samples analyzed in the past, but it is now deployed far more widely.

A wider distribution

As Kaspersky explains in a report published today, their telemetry shows DTrack activity in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the United States.

The targeted sectors include government research centers, policy institutes, chemical manufacturers, IT service providers, telecommunication providers, utility service providers, and education.

In the new campaign, Kaspersky has seen DTrack distributed using filenames commonly associated with legitimate executables.

For example, one sample they shared is distributed under the ‘NvContainer.exe’ file name, which is the same name as a legitimate NVIDIA file.

Kaspersky told BleepingComputer that DTrack continues to be installed by breaching networks using stolen credentials or exploiting Internet-exposed servers, as seen in previous campaigns.

When launched, the malware goes through multiple decryption steps before its final payload is loaded via process hollowing into an “explorer.exe” process, running directly from memory.

Chunk decryption routine (Kaspersky)

The only differences from past DTrack variants are that it now resolves libraries and functions through API hashing instead of obfuscated strings, and that the number of hard-coded C2 servers has been halved to three.
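To make the API-hashing change concrete, the following is an added illustration, not Kaspersky's analysis code and not DTrack's own routine: it shows why a loader that stores only hashes leaves no API names for a string scan to find, and how an analyst inverts that by precomputing a hash-to-name table over known exports. The hash algorithm used (the ROR-13 routine familiar from Metasploit shellcode) and the stand-in export table are assumptions chosen for the demonstration; the page does not describe which algorithm DTrack uses.

```python
"""Added example: API hashing from the loader's side and the analyst's side.

Assumption: ROR-13 over the ASCII export name. DTrack's actual algorithm
is not described on the page; substitute it once recovered from a sample.
"""


def ror32(value: int, count: int) -> int:
    """Rotate a 32-bit value right by `count` bits."""
    value &= 0xFFFFFFFF
    return ((value >> count) | (value << (32 - count))) & 0xFFFFFFFF


def api_hash(name: str, rounds: int = 13) -> int:
    """ROR-13 hash over an export name (assumed algorithm, for illustration)."""
    h = 0
    for ch in name.encode("ascii"):
        h = ror32(h, rounds)
        h = (h + ch) & 0xFFFFFFFF
    return h


# Constructed stand-in for DLL export tables. A real loader walks the PE
# export directory of each module already mapped in the process.
FAKE_EXPORTS = {
    "kernel32.dll": [
        "CreateProcessW", "VirtualAllocEx", "WriteProcessMemory",
        "ResumeThread", "GetThreadContext", "SetThreadContext",
    ],
    "ntdll.dll": ["NtUnmapViewOfSection", "NtQueryInformationProcess"],
}


def resolve_by_hash(exports: dict, wanted: int):
    """Loader side: hash every export name until one matches the stored hash."""
    for module, names in exports.items():
        for name in names:
            if api_hash(name) == wanted:
                return module, name
    return None


def build_rainbow(exports: dict) -> dict:
    """Analyst side: precompute hash -> (module, name) for known exports."""
    table = {}
    for module, names in exports.items():
        for name in names:
            table[api_hash(name)] = (module, name)
    return table


def plaintext_strings_present(blob: bytes, names) -> list:
    """Static string scan: which API names are visible in the binary blob?"""
    return [n for n in names if n.encode("ascii") in blob]


# Constructed 'binary' fragment: the loader stores only the 32-bit hashes
# of the APIs it needs, never the names themselves.
WANTED_APIS = ("VirtualAllocEx", "WriteProcessMemory", "ResumeThread")
HASHED_IMPORTS = [api_hash(n) for n in WANTED_APIS]
BLOB = b"".join(h.to_bytes(4, "little") for h in HASHED_IMPORTS)


def recover_imports(blob: bytes, exports: dict) -> list:
    """Walk 4-byte little-endian hashes in `blob` and name each via the table."""
    table = build_rainbow(exports)
    out = []
    for off in range(0, len(blob) - len(blob) % 4, 4):
        h = int.from_bytes(blob[off:off + 4], "little")
        out.append(table.get(h, ("?", hex(h))))
    return out


if __name__ == "__main__":
    all_names = [n for ns in FAKE_EXPORTS.values() for n in ns]
    print("names visible to strings:", plaintext_strings_present(BLOB, all_names))
    for module, name in recover_imports(BLOB, FAKE_EXPORTS):
        print(f"{module}!{name}")
```

The string scan returns nothing because the names were never embedded; the rainbow table recovers them only because the defender already knows the candidate export names and the hash routine, which is why identifying the exact algorithm from a sample is the first step when hashes replace strings.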

Among the C2 domains Kaspersky lists (defanged here) are “pinkgoat[.]com”, “purewatertokyo[.]com”, “purplebear[.]com”, and “salmonrabbit[.]com”.
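A short hunting sketch, added here and not Kaspersky's or BleepingComputer's tooling, ties together three observables from the article: a binary carrying a legitimate file name (NvContainer.exe) but running from an unexpected location, an explorer.exe instance spawned by a process that does not normally start the shell (a side effect of hollowing it), and DNS queries for the listed C2 domains. The process records and DNS log lines are constructed inline; the expected NVIDIA install directory and the list of usual explorer.exe parents are the author's heuristics, to be tuned per environment.

```python
"""Added example: sweep constructed telemetry for the article's indicators."""
import re
from dataclasses import dataclass

# Published defanged; refang before matching.
C2_DOMAINS_DEFANGED = ["pinkgoat[.]com", "purewatertokyo[.]com",
                       "purplebear[.]com", "salmonrabbit[.]com"]


def refang(domain: str) -> str:
    return domain.replace("[.]", ".").lower()


C2_DOMAINS = {refang(d) for d in C2_DOMAINS_DEFANGED}


def is_c2_domain(query: str, iocs=C2_DOMAINS) -> bool:
    """Exact or subdomain match, case-insensitive, trailing dot tolerated."""
    q = query.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in iocs)


DNS_LINE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<query>\S+)")


def dns_hits(log_lines) -> list:
    """Return (client, query) pairs that resolved a listed C2 domain."""
    hits = []
    for line in log_lines:
        m = DNS_LINE.search(line)
        if m and is_c2_domain(m.group("query")):
            hits.append((m.group("client"), m.group("query").lower().rstrip(".")))
    return hits


@dataclass
class Proc:
    pid: int
    ppid: int
    name: str
    path: str


# Where these file names should live. explorer.exe's path is fixed by Windows;
# the NVIDIA directory is an assumption for this example.
EXPECTED_PATH_PREFIXES = {
    "explorer.exe": ("c:\\windows\\explorer.exe",),
    "nvcontainer.exe": ("c:\\program files\\nvidia corporation\\",),
}
# Heuristic: hollowing explorer.exe means the dropper creates it, so the
# parent is the dropper rather than the components that normally start the shell.
USUAL_EXPLORER_PARENTS = {"userinit.exe", "winlogon.exe", "explorer.exe"}


def masquerade_hits(procs) -> list:
    """Known file names running outside their expected location."""
    out = []
    for p in procs:
        expected = EXPECTED_PATH_PREFIXES.get(p.name.lower())
        if expected and not any(p.path.lower().startswith(e) for e in expected):
            out.append((p.pid, "unexpected path", p.path))
    return out


def hollow_parent_hits(procs) -> list:
    """explorer.exe instances whose parent is not a usual shell launcher."""
    by_pid = {p.pid: p for p in procs}
    out = []
    for p in procs:
        if p.name.lower() != "explorer.exe":
            continue
        parent = by_pid.get(p.ppid)
        pname = parent.name.lower() if parent else "<unknown>"
        if pname not in USUAL_EXPLORER_PARENTS:
            out.append((p.pid, "explorer.exe spawned by " + pname))
    return out


# Constructed telemetry: one legitimate shell, one dropper under a user
# profile, and the explorer.exe it spawned as a hollowing host.
PROCS = [
    Proc(700, 600, "winlogon.exe", "C:\\Windows\\System32\\winlogon.exe"),
    Proc(1200, 700, "explorer.exe", "C:\\Windows\\explorer.exe"),
    Proc(3300, 1200, "NvContainer.exe", "C:\\Users\\alice\\AppData\\Roaming\\NvContainer.exe"),
    Proc(3400, 3300, "explorer.exe", "C:\\Windows\\explorer.exe"),
]
DNS_LOG = [  # constructed lines in a resolver-log style
    "2025-07-10T21:04:11Z client=10.0.0.23 query=www.pinkgoat.com. type=A",
    "2025-07-10T21:04:12Z client=10.0.0.23 query=update.microsoft.com type=A",
    "2025-07-10T21:05:30Z client=10.0.0.41 query=PurpleBear.com type=A",
    "2025-07-10T21:06:02Z client=10.0.0.41 query=notpurplebear.com type=A",
]

if __name__ == "__main__":
    print(masquerade_hits(PROCS))
    print(hollow_parent_hits(PROCS))
    print(dns_hits(DNS_LOG))
```

Note that the hollowed explorer.exe passes the path check, since hollowing keeps the legitimate image on disk; it is the parent relationship, not the path, that exposes it, which is why the two checks are kept separate.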

DTrack attribution

Kaspersky attributes this activity to the North Korean Lazarus hacking group and claims the threat actors use DTrack whenever they see the potential for financial gains.

In August 2022, the same researchers linked the backdoor to the North Korean hacking group tracked as ‘Andariel,’ which deployed Maui ransomware in corporate networks in the U.S. and South Korea.

In February 2020, Dragos linked DTrack to a North Korean threat group, ‘Wassonite,’ which attacked nuclear energy and oil and gas facilities.

Source: https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-european-orgs-with-updated-malware/
