CHINA TOPIX

12/22/2024 05:07:34 pm

Make CT Your Homepage

Hackers Stole Millions From ATMs with Malware

Tyupkin on an ATM

(Photo : Kaspersky)

Researchers from Kaspersky Lab announced Tuesday that Backdoor.MSILTyupkin, a malicious program designed to work on Automatic Teller Machines that are running the 32-bit version of Windows, was used by hackers to steal millions of dollars.

Instead of exploiting software vulnerabilities in the machines from afar, the cyber criminals put the malware into the ATMs by gaining access to controls which are usually guarded by a locked panel.

Like Us on Facebook

The malicious code was installed by inserting a bootable CD into the ATM, and then "the criminals reboot the system and the infected ATM is under their control," Vicente Diaz, the principal security researcher at Kaspersky Lab said through email.

"This operation allows the criminals to play with the ATM software in the way that they need to," Diaz said. "So it's a completely different threat level, where software protection doesn't work."

The software security firm refused to disclose the name of the targeted vendor, citing a current investigation by Interpol into the compromises.

The researchers said the malware, nicknamed Tyupin, was discovered in 50 ATMs operated by banking companies  in Eastern Europe. Samples of the bad code, however, have been uploaded to VirusTotal from other countries, including China, India and the United States, suggesting that the malware was used in those areas of the world as well.

The hackers took several precautions to avoid detection in the incidents that were investigated by Kaskersky. Tyupin, for example, was configured to just accept commands given via the PIN pad during Sunday and Monday evenings.

To be able to open the interface of the program, which shows the number of bills and denominations left in the ATM's cassettes, the hackers are required to input unique session keys every time. An algorithm only known to the cyber criminals generate the special keys, which wards off others from accessing the malware. The program's interface lets the user force the machine to give out up to 40 bills at a time from one of the ATM's cassettes.

Real Time Analytics