European ATMs under malware attack

At least 50 cash machines in Eastern Europe have been targeted by malware that allows the hacker to withdraw up to 40 notes at once without a credit or debit card to hand, Computer Weekly reports.

Interpol has informed countries around Europe, Latin America and Asia thought to have been argued to be vigilant while it is carrying out a “widespread investigation” claims the BBC.

The hack works by infected with malicious software via a boot CD, meaning the criminals required physical access to the machines. Once the malware has been installed, a “mule” can be sent to collect up to 40 notes from the compromised machine, by entering a code on the keypad.

In a surprise example of two-factor-authentication, the “mule” then requires a second unique code randomly generated at a remote location to unlock the ATM and release the cash. This is to ensure the criminals remain control over how and when the withdrawals take place.

This was no amateur operation, and the malware was particularly efficient at concealing itself – only active at very specific times of the night, so as not to trigger any security warnings at the bank. As The Guardian points out: “It would have required significant planning, as the mules had to be at the infected cash machines at specified times on either Sunday or Monday nights.”

ATMs are tempting prey for criminals, for obvious reasons and the attacks are becoming increasingly sophisticated. As we reported earlier in the year, ‘slimline’ card skimmers are proving so difficult to spot that they have sometimes remained unnoticed for up to five days. Hackers have even been able to load Doom (with plans to include PIN pad controls) on cash points, but high tech solutions are also on the horizon, like having a unique PIN visible only to the user via Google Glass.

Author , ESET

Follow us

Copyright © 2016 ESET, All Rights Reserved.