Mexican ATMs became the target for malware called “Ploutus”. This malware is created to take over the ATM on the software level and make it dispense cash on command.
So far the attacks were targeted against ATMs at off-premise locations. To begin the attack, criminals acquired access to the ATM’s CD-ROM drive and inserted new boot CD into it. The “Ploutus” malware files were then uploaded into the ATM system along with disabling anti-virus software installed there. After the installation “Ploutus” allowed fraudsters to activate it by pressing special combination on function keys. From that point, ATM was ready to accept commands to dispense cash sent from external keyboard. The only ways to prevent the installation of malware is either disabling external storage devices which is not always possible or using specialized protective software preventing modifications in the ATM operating system and using its own self-defense mechanism to avoid being disabled outside of normal procedures.
The emergence of new malware with ability to directly extract cash from ATMs is a very alarming sign for self-service device security, says Stanislav Shevchenko, chief technology officer at SafenSoft, Russian self-service device information security software developer. Malware like this allows the cybercriminals to skip the whole process of cash withdrawal they have to take part in after using traditional ATM trojans and skimmer-like devices to steal the plastic card information. Additionally, by spreading malware like that criminals can easily bypass the traditional antivirus-based protection on the ATMs. If that trojan gets massively distributed any bank without specialized protection software on its ATMs will have hard times ahead.
Ńĺíň˙áđü 27, 2013
SafenSoft, 2004-2021. All rights are reserved.