WinPot

WinPot Description

WinPot is a peculiar ATM Trojan designed to cash out the ATMs of a specific popular ATM vendor. The threat was offered on hacker forums hosted on the Dark Web with the price at the time being set at 1 BTC (Bitcoin). 1 BTC is equal to over $13,00, considering the current exchange rate.

WinPot's visual interface is designed to mimic that of a slot machine. Each cassette of the ATM is assigned a number between 1 and 4 (4 being the maximum cash out cassettes that an ATM can have). Under each 'slot,' information about the currently held banknotes and their denomination is displayed. A 'SPIN' button is available for each cassette slot, and clicking it commands the ATM to start dispensing cash from the corresponding cassettes. Two more command buttons are available - 'STOP' terminates the process of dispensing money, while 'SCAN' updates the information of each cassette. 

The WinPot Trojan saw extensive support from its creators, with several new versions being released in the wild, with each version adding minor improvements. The hackers changed the packer they used for the threat like Yoda or UPX. They also changed the time frame during which WinPot is operational. If the system time of the ATM doesn't match the programmed time frame, WinPot would simply stop functioning without displaying its interface window.

There are signs that the creators of WinPot may have 'borrowed' some ideas from the hackers responsible for another ATM Trojan threat called CutletMaker.