Crooks infect ATMs with malware using USB, steal cash [Updated]
The video titled ‘Electronic Bank Robberies’ that talks about the malware:
Criminals managed to infect ATMs with malware by using USB drives, researchers have revealed while speaking at the Chaos Communication Congress.
The attacks first came to light after it was discovered back in July that criminals had cut away part of the ATM chassis to access the USB port. However, the banks never knew about the malware, which allowed researchers to withdraw cash using their own hidden menu. The chassis holes were repaired and the ATMs were commissioned into service again, which allowed the attackers to target the same ATMs again and again.
According to the researchers, the malware was created to target just one bank; however, there are multiple banks that still use vulnerable ATM software. Further, the researchers also revealed that the criminals used two separate codes to access the money, in a bid to ensure that no single member of the gang could steal the money.
To keep the time they were exposed in the open to a minimum, they even had the option of withdrawing only the highest-denomination notes.
The vulnerable ATMs were seemingly all running Windows XP, which allowed ‘Autorun’ of USB drives, thereby making it easier to execute the infection code.
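For defenders auditing kiosk or ATM images for the Autorun exposure described above, the following added example (not from the researchers or any vendor) parses a `reg export` dump and reports whether Autorun is still enabled for the drive types a USB device can present and whether the USB mass-storage driver is disabled. The sample exports are constructed, and treating a disabled USBSTOR driver as the expected baseline is an assumption of this example, not something the article states.

```python
import re

# Constructed sample input: `reg export` text as it might look on an unhardened image.
SAMPLE_WEAK = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003
"""
# Constructed sample: the same keys after hardening.
SAMPLE_HARDENED = SAMPLE_WEAK.replace("00000091", "000000ff").replace("00000003", "00000004")

EXPLORER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer".upper()
USBSTOR = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR".upper()
# NoDriveTypeAutoRun bits; a set bit disables Autorun for that drive type.
# USB media can enumerate as any of these three types.
USB_TYPES = {0x04: "removable", 0x08: "fixed", 0x20: "cd-rom"}

def parse_reg(text):
    """Return {(KEY, value_name): int} for every dword value in a .reg export."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = re.match(r"^\[(.+)\]$", line)
        if section:
            key = section.group(1).upper()
            continue
        dword = re.match(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if dword and key:
            values[(key, dword.group(1).lower())] = int(dword.group(2), 16)
    return values

def audit(text):
    """List Autorun/USB-storage weaknesses found in a registry export."""
    values, findings = parse_reg(text), []
    mask = values.get((EXPLORER, "nodrivetypeautorun"))
    if mask is None:
        findings.append("NoDriveTypeAutoRun not set: OS default Autorun behaviour applies")
    else:
        enabled = [name for bit, name in USB_TYPES.items() if not mask & bit]
        if enabled:
            findings.append("Autorun still enabled for: " + ", ".join(enabled))
    if values.get((USBSTOR, "start")) != 4:  # 4 = driver disabled
        findings.append("USB mass-storage driver (USBSTOR) is not disabled")
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(sample) or "no findings")
```

Files written by `reg export` are UTF-16 encoded, so decode them accordingly before passing the text to `audit()`.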
The researchers also revealed that the criminals were well-funded and either managed to reverse engineer the cash client or had someone on the ‘inside’ working for them. Further, the malware also had the capability of stealing customer information, but the criminals didn’t do so.