EU ATM Malware

Security experts are sounding the alarm on a previously unknown ATM malware making the rounds in the cybercrime underworld. This particular strain seems custom-built to prey on European victims. The threat actor behind it boasts that it is able to infiltrate 99% of devices across Europe. Cybercriminals are peddling this new ATM malware for a hefty price tag of $30,000. According to their pitch, this 'EU ATM Malware' is meticulously crafted from the ground up, with the added claim of being able to target roughly 60% of ATMs globally.

The EU ATM Malware Could Cause Significant Financial Losses

If the claims about EU ATM Malware are true, this particular threat represents a grave risk to the global banking sector. As per the disclosure, the ATM malware has the capability to target machines from several prominent manufacturers, including Diebold Nixdorf, Hyosung, Oki, Bank of America, NCR, GRG and Hitachi.

The creators of this malware assert that it can yield up to $30,000 per ATM, rendering it an immensely profitable tool for cybercriminals. Notably, the malware is designed to be entirely automated, streamlining its deployment and operation processes.

Furthermore, the malware offers flexibility by supporting both automated and manual operation modes. The seller provides various payment options, such as a monthly subscription or an initial fee combined with a percentage of the profits from successful jackpotting operations. Additionally, threat actors extend the courtesy of a test payload option, valid for three days, to potential customers.

Jackpotting Attacks Still Threaten the Global ATM Manufacturers

Jackpotting is a type of attack against automated teller machines (ATMs) where cybercriminals manipulate the machine to dispense cash illegitimately, essentially turning it into a 'jackpot' for the attackers. This form of attack typically involves malware or physical access to the ATM's internal components.

A jackpotting attack is generally carried out in several steps:

  • Initial Access: Attackers gain access to the ATM either physically or remotely. Physical access might involve tampering with the ATM's casing to access its internal components, while remote access could be achieved through exploiting vulnerabilities in the ATM's network connection or software.
  • Malware Installation: If the attack is conducted remotely, attackers may install malware on the ATM to exploit vulnerabilities and gain control over its functions. This malware could be introduced via various means, such as through USB drives, network connections, or even exploiting vulnerabilities in the ATM's software.
  • Control Establishment: Once the malware is installed and running on the ATM, the attackers establish control over its operations. They may use this control to dispense cash without authorization or to manipulate the ATM's interface to hide their activities from surveillance.
  • Cash Dispensing: With control established, the attackers command the ATM to dispense cash. They may use techniques to bypass any limits on cash withdrawals or to force the ATM to dispense its entire cash reserve.
  • Covering Tracks: After extracting the cash, attackers may try to cover their tracks to avoid detection. This could involve erasing logs or other evidence of the attack from the ATM's system.

Jackpotting attacks can vary in sophistication and complexity, with some requiring extensive technical knowledge and others relying more on physical manipulation. However, they all share the goal of exploiting vulnerabilities in ATMs to extract cash illegally, representing a meaningful threat to financial institutions and their customers. As a result, banks and ATM operators employ several security measures, such as regular software updates, physical security enhancements, and monitoring systems, to mitigate the risk of jackpotting attacks.
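
The steps listed above leave an event sequence that a monitoring system can correlate. The following Python example is added here and is not part of the original article: it flags cash dispenses that have no fresh host authorization, attaches any recent physical-access signals as context, and flags log clearing. The pipe-delimited log format, event names and time windows are assumptions, and the sample log is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in an assumed "timestamp|atm_id|event|detail" format.
SAMPLE_LOG = """\
2024-05-01T02:10:00|ATM-17|CABINET_OPEN|top-hat
2024-05-01T02:11:30|ATM-17|USB_INSERT|mass-storage
2024-05-01T02:14:00|ATM-17|DISPENSE|amount=2000
2024-05-01T02:14:20|ATM-17|DISPENSE|amount=2000
2024-05-01T09:00:00|ATM-22|TXN_AUTHORIZED|txn=881
2024-05-01T09:00:12|ATM-22|DISPENSE|amount=100
2024-05-01T11:00:00|ATM-30|LOG_CLEARED|journal
"""

AUTH_WINDOW = timedelta(seconds=60)       # assumed max delay from host approval to dispense
PRECURSOR_WINDOW = timedelta(minutes=30)  # assumed look-back for physical-access signals
PRECURSORS = {"CABINET_OPEN", "USB_INSERT"}

def detect(log_text):
    """Return (atm_id, timestamp, rule, context) alerts for jackpotting indicators."""
    alerts = []
    pending_auth = {}  # atm_id -> time of an authorization not yet used by a dispense
    recent = {}        # atm_id -> [(time, precursor event), ...]
    # ISO-8601 timestamps lead each line, so a plain sort is chronological.
    for line in sorted(log_text.strip().splitlines()):
        ts_s, atm, event, _detail = line.split("|", 3)
        ts = datetime.fromisoformat(ts_s)
        if event == "TXN_AUTHORIZED":
            pending_auth[atm] = ts
        elif event in PRECURSORS:
            recent.setdefault(atm, []).append((ts, event))
        elif event == "LOG_CLEARED":
            alerts.append((atm, ts_s, "log-cleared", []))
        elif event == "DISPENSE":
            # Each authorization covers exactly one dispense, and only while fresh.
            auth = pending_auth.pop(atm, None)
            if auth is not None and ts - auth <= AUTH_WINDOW:
                continue
            ctx = sorted({e for t, e in recent.get(atm, [])
                          if ts - t <= PRECURSOR_WINDOW})
            alerts.append((atm, ts_s, "dispense-without-authorization", ctx))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Because every authorization is consumed by a single dispense, a second dispense riding on the same approval is flagged as well.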
