New ATM Trojan called Tyupkin helped in stealing millions of dollars
Tyupkin, new banking Trojan capable of dispensing cash directily from infected ATM, was detected in Eastern Europe according to the Kaspersky Lab blog post. Malware installed from the bootable CD after criminals gain physical access to the ATM lets them dispense cash without using any plastic card.
New Trojan’s capabilities look close to those of already well known ATM malware called Ploutus. After being installed on the device Tyupkin disables antivirus software such as McAfee Solidcore used in Kaspersky Lab example and waits for specific input from PIN keyboard. Among other features are standby mode with automatic activation and Sunday and Monday nights and the ability to shut down the ATM network connection in case of emergency.
In order to dispense cash the cybercriminal needs to know the Trojan menu , enter the necessary commands and special session key generated by formula that works as a kind of two-factor authentication. Then the cash is dispensed, 40 banknotes at the time. Following this scheme criminals have managed to dispense hundreds of thousands of dollars without attracting any attention.
“Appearance of new ATM Trojans capable of directly dispensing cash from infected devices is only logical”, says Denis Gasilin, head of marketing in SafenSoft, company developing information security solutions for self-service devices. “This “new guy” has a good debut – it already infected ATMs in Russia, USA and even Malaysia. It’s hard to say for sure if it’s just a Ploutus modification or completely new product from some cybercriminal group, but it doesn’t really matter since any ATM without software integrity preservation solution installed will be affected in just the same way”.
October 10, 2014
All news |
Print this page
August 08, 2014
December 04, 2014