ATMs have become an increasingly lucrative target for cybercriminals. Modern ATMs are no longer just physically emptied for money, but can now be infected with malware to help criminals empty out cash machines without needing stolen cards of legitimate customers. ATM malware isn’t new and has been detected by various security researchers a few years back—and methods that revolve around the use of ATM malware have made it easier for criminals to steal money and sensitive card information from ATMs. The threat of ATM malware continues to spread, mainly from Eastern Europe to the United States.
[READ: ATM Malware on the Rise]
In 2009, researchers discovered a hacker collective known as the Skimer group that utilizes a Skimer malware on ATMs to steal users’ money. Now the researchers have discovered that the malware has been updated to not only make it harder to detect, but also turns ATMs into skimmers that could be used to gather data from inserted cards.
According to the blog released, “The Skimer group begins its operations by getting access to the ATM system either by using through physical access, or via the bank’s internal network. Then after successfully installing Backdoor.Win32.Skimer into the system, it infects the core of an ATM, which is the executable responsible for the machine’s interactions with the banking infrastructure, cash processing and credit cards. By doing this, they successfully turn the whole ATM into a skimmer. Allowing them to withdraw all the funds in the ATM or grab the data from the cards used at the ATM, including customers’ bank account numbers and PIN codes”. This current attack method is undetectable to common ATM users due to no evident sign that the ATMs have been compromised. Additionally, the cybercriminals behind the Skimer malware do not act immediately and are extremely careful at hiding their tracks by allowing the malware to continuously infect and skim data from ATMs for several months without taking out the stolen money.
As explained in reports, Skimer can recover the data by inserting a particular card with records on the magnetic strip. Upon running the records, commands are executed via a special menu, prompting Skimer’s own interface on the display only after the card is ejected and if the cybercriminal inserts the correct session key from the pin pad into a special field in less than 60 seconds. The special menu is capable of executing 21 commands, which includes dispensing money, collecting and printing recorded payment card and account details, and self-deleting. In addition, Skimer can also save the file with dumps and PINs on the chip of the same cards—allowing cybercriminals use the card details to create counterfeit copies.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report