Slashdot Mirror

← Back to Stories (view on slashdot.org)

Infected ATMs Give Away Millions of Dollars Without Credit Cards

Posted by Soulskill on from the i'll-order-a-dozen dept.

An anonymous reader writes: Kaspersky Lab performed a forensic investigation into cybercriminal attacks targeting multiple ATMs around the world. During the course of this investigation, researchers discovered the Tyupkin malware used to infect ATMs and allow attackers to remove money via direct manipulation, stealing millions of dollars. The criminals work in two stages. First, they gain physical access to the ATMs and insert a bootable CD to install the Tyupkin malware. After they reboot the system, the infected ATM is now under their control and the malware runs in an infinite loop waiting for a command. To make the scam harder to spot, the Tyupkin malware only accepts commands at specific times on Sunday and Monday nights. During those hours, the attackers are able to steal money from the infected machine.

2 of 83 comments (clear)

  1. This doesn't add up by drsquare · · Score: 4, Interesting

    If you have access to the ATM physically, why not just take the cash there and then?

    1. Re:This doesn't add up by PRMan · · Score: 5, Interesting

      You can actually punch a hole in many popular ATMs and there is a live USB port right behind it. This has been discussed repeatedly as a security problem. I don't know if they fixed that one, but there could be more or it could be really slow to be fixed. http://www.extremetech.com/ext...

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...