Security News

Banking Threats: ATM Malware Used to Hack Machines

October 28, 2014

ATM MalwareBanks, ATMs, and other financial institutions, including banking sites and mobile banking apps will always be some of the most lucrative targets for thieves and cybercriminals who can find a way to get around the existing systems. Seen as highly profitable prospects, attackers are constantly coming up with new ways to capitalize on these financial platforms. In 2010, an ATM hack demonstration made during a Black Hat conference highlighted how vulnerable ATM machines are and how these vulnerabilities can be exploited and used to dispense money.

Last month, a Latin American organized crime gang hacked over 14 ATMs in Malaysia, pilfering an estimated RM3mil (equivalent to almost $1 million USD). According to reports, the gang hacked ATMs that used old operating systems by installing malware that exploited flaws in the authentication process. Additionally, we found that once installed on a machine, the malware (BKDR_PADPIN.A) could be used to dispense cash from selected ATM cassettes and to show other information such as total amount stored and cash unit information. The malware could also uninstall itself and disable network connection.

While this particular incident limited the damage to the banks that operated the hacked machines—and not the bank's users or clients—there are other banking-related threats that are designed to affect ATM users directly. ATM skimming is a method that use devices called skimmers to steal data encoded on the magnetic strips of ATM cards. Skimmers come in different form factors, and use various ways to steal data with screen captures and key credential logs.

Since banks and banks’ customers are often targeted by cybercriminals, it’s imperative that proper security measures are implemented. Banks must upgrade their security systems, keep them updated, and implement prevention systems to counter possible attacks. Customers should constantly check their banking statements, credentials, and status to make sure that all the transactions are accounted for. For those that use banking apps and online banking portals, they should use security software that can protect all devices, and download apps only from official stores.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Connect with us on