loading...

Dangerous Malware is On Sale, It Allows Anyone to Empty ATMs

ATM hacking is easy now because now anyone can simply buy a malware to steal millions in cash from ATMs.

Researchers at Kaspersky Lab discovered that Hackers are selling ready-made ATM malware on an underground hacking forum Cutlet Maker that anybody can simply buy for around $5000.

This malware does not affect bank customers directly; instead, it is intended to trick the bank ATMs from a specific vendor to release cash without authorisation.

The forum post provides a brief description and a detailed manual for the malware toolkit designed to target various ATMs models with the help of a vendor API, without interacting with ATM users and their data.

The manual also mentions an infamous piece of ATM malware, dubbed Tyupkin, which was first analysed in 2014 by Kaspersky Lab and used by an international cybercrime gang to conduct Jackpotting attack and make Millions by infecting ATMs across Europe and beyond.

The list of crimeware contains in the toolkit includes:

  • Cutlet Maker—ATM malware which is the primary element of the toolkit
  • Stimulator—an application to gather cash cassette statuses of a targeted ATM
  • c0decalc—a simple terminal-based application to generate a password for the malware.

 

 

 

According to Kaspersky researchers, the functionality of the Cutlet Maker malware suggests that two people are supposed to be involved in the ATM money theft—the roles are called “drop” and “drop master.Access to the dispense mechanism of CUTLET MAKER is password protected. Though there could be just one person with the c0decalc application needed to generate a password, the researchers say.

“Either network or physical access to an ATM is required to enter the code in the application text area and also to  interact with the user interface.”

In order to operate, the application needs a special library, which is part of a proprietary ATM API and controls the cash dispenser unit—this shows how cyber “criminals are using legitimate proprietary libraries and a small piece of code to dispense money from an ATM.”

The advertisement of this Cutlet Maker ATM malware was initially published on the alphabay darknet marketplace, which was recently taken down by the FBI.

 

Jahnavi M
Vulnerability analyst, Technical Writer, Security Blogger, Co-founder---SecKurity

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: