Cyber thieves using malware to wipe cash at ATMs, says Kaspersky

February 26, 2019
202 Views

Kaspersky, a cybersecurity solutions provider, said it has discovered a malware used by cybercriminals to automatically dispense cash from Automatic Teller Machines (ATMs).

It said the malware called WinPot had been designed to look like the slot machine, warning that new modifications would be invented by the fraudsters this year.

Kaspersky said some of the modifications would trick the ATM security systems; overcome potential ATM limitations; find ways to keep the money mules from abusing their malware; and improve the interface and error-handling routines.

“In March 2018, we came across a fairly simple but effective piece of malware named WinPot. It was created to make ATMs by a popular ATM vendor to automatically dispense all cash from their most valuable cassettes. We called it ATMPot. The criminals had clearly spent some time on the interface to make it look like that of a slot machine. Likely as a reference to the popular term ATM-jackpotting, which refers to techniques designed to empty ATMs,” the Kaspersky report said.

Describing how the malware is used, analysts at Kaspersky said, “In the WinPot case, each cassette has a reel of its own, numbered one to four (four is the maximum number of cash-out cassettes in an ATM) and a button labelled ‘spin’.

“As soon as you press the spin button, the ATM starts dispensing cash from the corresponding cassette. Down from the spin button, there is information about the cassette such as the bank note value and the number of bank notes in the cassette. The scan button rescans the ATM and updates the numbers under the slot button, while the stop button stops the dispensing in progress.”

The company said its findings had been further corroborated by similar samples found in an European Fraud Update published in the summer of 2018.

In order to protect ATM from the threat, the cybersecurity firm advised, “Have a device control and process white-listing software running on it. The former will block the USB path of implanting the malware directly into the ATM PC, while the latter will prevent the execution of unauthorised software on it.”

You may be interested

Pride Begets Downfall — Anglican Cleric Tells Church Members, As ACORA Marks 2024 Palm Sunday in Grand Style
News
News

Pride Begets Downfall — Anglican Cleric Tells Church Members, As ACORA Marks 2024 Palm Sunday in Grand Style

Webby - March 24, 2024

By Izunna Okafor, Awka Ear-piercing echoes of Hosanna rent the air in Awka, the capital city of Anambra State on…

IPOB dares military, heads for court over member declared wanted
News
2 views
News
2 views

IPOB dares military, heads for court over member declared wanted

Webby - March 24, 2024

The Indigenous People of Biafra (IPOB) on Sunday called on the Defence Headquarters to direct its energy to Finland-based legal…

Advertising guru, Onabolu to chair 2024 Industry Summit on May 3
Business
3 views
Business
3 views

Advertising guru, Onabolu to chair 2024 Industry Summit on May 3

Webby - March 24, 2024

  The Group Managing Director of COSSE Group, one of the leading integrated marketing communications (imc) in Nigeria, Mr. Funmi…

Leave a Comment

Your email address will not be published.