A few days back we reported on Kaspersky Lab's findings from May 2017, in which the security firm identified an ATM malware kit called ATMii that targeted specific ATM models. That kit was built to dispense cash by calling the vendor-specific ATM API, and the firm also found a post advertising it for sale.
According to Kaspersky Lab's latest report, cybercriminals are now advertising another, similar malware on the Dark Web, describing it as able to exploit both hardware and software weaknesses of ATMs and empty them of all their cash. One of the ads was posted on the AlphaBay Darknet marketplace, which has since been taken down by the FBI.
In that post, the seller listed the required equipment, detailed manuals, the ATM models the kit targets and practical tips for operating the malware. The kit was offered for $5,000. Buyers were told it would let them take all the money from an infected ATM without having to access individual accounts or steal cardholder data.
The malware, dubbed Cutlet Maker, is delivered on a USB flash drive: the drive is plugged into the ATM's USB port and the malware is executed from it. The toolkit also contains a password generator called c0decalc, which produces the password that unlocks Cutlet Maker's dispensing function from a code the malware displays, and a third tool, Stimulator, which reads the status of the ATM cassettes so the operator can see how much cash is loaded before issuing dispense commands through the vendor's ATM API.
According to Kaspersky researchers, the way Cutlet Maker's functionality is split suggests that two roles are involved in the scheme, the Drop, who stands at the ATM, and the Drop Master, who holds c0decalc and supplies the password.
“Access to the dispensing mechanism of Cutlet Maker is password protected. Though there could be just one person with the c0decalc application needed to generate a password. Either network or physical access to an ATM is required to enter the code in the application text area and also to interact with the user interface,” explained Kaspersky.
It is worrying that the scope of cyber attacks has expanded so far that even ATMs are no longer safe. In recent years we have seen several campaigns aimed at stealing cash from specific ATM models. The most obvious reason these machines have become attractive targets is that many of them still run outdated operating systems such as Windows XP, and, as the Cutlet Maker kit shows, an exposed USB port is often all an attacker needs to load code onto them.