Skimer Description

Skimer is a piece of malware that targets ATMs and has been active for many years. Malware experts first spotted the Skimer threat in 2009. While the Skimer malware has not developed through the years, ATM malware in general has improved greatly. Most cybercriminals nowadays prefer emptying ATMs to skimming credit cards.

Cybercrooks that target ATMs usually have to split into two groups: one that physically inserts a USB drive into the machine to deploy the malware, and one that sits behind a computer screen and operates the threat. Malware that targets ATMs usually gains access to their systems and manipulates the settings to get the machine to start pumping out cash.

The Skimer malware manages to bypass the safety checks by authenticating itself using a rather innovative technique. This also goes a long way toward keeping the operation on the down low. The Skimer threat is programmed to run only during certain hours, which greatly reduces the chances of detection. To launch the malware’s interface, the attackers have to insert a ‘magic card’ into the ATM, which works as a way of authentication. Once this is done, the attackers can instruct the Skimer malware to perform various tasks, including:

  • Begin an update.
  • Skim credit cards.
  • Send the data collected from the skimmed credit cards to the attackers’ server.
  • Pump out 40 bank notes.
  • Activate the threat’s debugging feature.
  • Remove itself from the ATM.

Despite this threat being a little outdated, it should not be underestimated. Skimer has been used in many successful cash-grabbing operations and will likely be employed in many more in the future.