New malware hijacking ATM machines, causing them to dispense large amounts of cash

Hackers are everywhere – while much of the hacking you hear about tend to occur on the internet and home computers, the worst criminal hackers usually target institutions such as banks. ATMs are a usual target for hackers, and now there is evidence of a terrifying new malware that can cause them to spill out large amounts of cash. This ATM malware is called “ATMJackpot,” and some form of it has already made its way onto the U.S.

Based on a blog post from the Netskope Threat Research Lab, the new malware ATMJackpot appeared to have come from Hong Kong and was likely last modified on the 28th of March 2018, as evidenced by a timestamp on its binary. Netskope said that it is likely still under development, so its current state may not be the final, perfect one that the nefarious hackers behind it envisioned.

When comparing it with other previously discovered malware, Netskope noted that the new malware had a much smaller system footprint, which meant that it doesn’t require a lot of storage space at all. It also has a very simple graphical user interface, which makes it easier to use compared with older types of malware. Its user interface displays useful information such as the hostname, the service provider information like cash dispenser, PIN pad, and even card reader information. In short, it’s something that can be quickly installed and should be quite easy to use, from the perspective of any would-be attacker.

The ATMJackpot malware spotted and detailed by the Netskope team goes through a number of steps before finally getting infected ATMs to spit out cash. Like all malware, it starts by first getting installed on the machines and eventually taking control before giving it to the hackers. (Related: Hijack hack: Experts warn terrorists may target digital train systems next time, causing high speed crashes.)

According to Netskope, so-called jackpotting attacks really only serve one purpose, and that is to force any ATM to dispense the cash that it holds in its storage. They have been documented as far back as 2014, as these kinds of attacks started happening in places in Europe and Russia. Now that jackpotting has finally made its way onto the U.S., Americans will need to be more aware of it and avoid it as much as they possibly can.

The first jackpotting attacks on U.S. ATMs happened some time at the beginning of the year 2018. The subject has been covered quite extensively on the security blog Krebs on Security, where security expert Brian Krebs detailed as much as he could on jackpotting as soon as the first attacks started on U.S. soil.

According to Krebs, a confidential Secret Service alert was sent out earlier this year to multiple financial institutions, warning them of the attacks. “The targeted stand-alone ATMs are routinely located in pharmacies, big-box retailers, and drive-thru ATMs,” the alert said. “During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM.”

Meanwhile, Daniel Regalado from the security firm FireEye noted that criminals who carry out these kinds of attacks typically use so-called money-mules to execute their plants. In other words, the process is labor-intensive and requires a lot of coordination between the attackers. Still, it sounds like a dangerous attack indeed, and one that could render ATMs in a large number of places unusable if they ever get carried out successfully. It’s best always to be diligent wherever you go to avoid any problems that such attacks might cause.

Read more about other kinds of hacking at Glitch.news.

Sources include:

Netskope.com

KrebsOnSecurity.com