This malware turns ATM hijacking into a slot machine game

by chebbi abir

WinPot can force infected ATMs to automatically dispense cash. Just spin.


A trader of the malware on the Dark Web has recently advertised WinPot v.3, which also includes a revamped interface and a currently unidentified program called “ShowMeMoney,” which may just be the new name of WinPot given its similar interface style.


WinPot displays similarities to Cutlet Maker, malware which needs to be loaded onto a flash drive and plugged into a USB port in an ATM, made accessible through drilling. Once loaded, the malicious code cracks the system while a simulator finds ATM cassettes and mimics transactions to force the machine to dispense its available funds.


In 2017, Cutlet Maker was available for roughly $5,000 on the Dark Web. However, the price has now dropped to between $500 and $1,000, which is the same bracket for today’s WinPot buyers.

While many forms of ATM malware have the same core functionality — given the rather basic, unsophisticated systems in which cash dispensers generally operate — threat actors are continually innovating to overcome barriers designed to slowly improve the security posture of ATMs.

In particular, hackers are working on ways to overcome hard-coded limitations on how many notes are permitted per dispense, on error handling, and on means to trick ATM security systems and prevent malware strains from being detected.


“We expect to see more modifications of the existing ATM malware,” Kaspersky says. “The preferred way of protecting the ATM from this sort of threat is to have device control and process whitelisting software running on it. The former will block the USB path of implanting the malware directly into the ATM PC, while the latter will prevent execution of unauthorized software on it.”

The determined will, however, always find a way to exploit ATMs to reap the proceeds. This was recently highlighted in the case of a software engineering chief who spotted a weakness in Huaxia Bank’s core operating system which created a window at midnight in which unrecorded withdrawals could be made from ATMs.

Over the course of a year, the engineer withdrew and stashed roughly $1 million. When he was eventually caught, the software developer said the money was merely “resting” in his account and was going to be returned.

