{"id":80503,"date":"2016-06-25T12:14:09","date_gmt":"2016-06-25T16:14:09","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2022-08-10T12:22:56","modified_gmt":"2022-08-10T16:22:56","slug":"malware-steals-your-cash-at-atm","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/malware-steals-your-cash-at-atm\/","title":{"rendered":"Malware Steals Your Cash At ATM"},"content":{"rendered":"

\"Malware<\/a>On September 2, 1969, America\u2019s first automatic teller machine (ATM) started dispensing cash to customers at Chemical Bank<\/a> in Rockville Center, New York<\/a>. Since then ATMs<\/a><\/strong> have been a trusted avenue for many banking transactions. However, Business Insider<\/em><\/a> warns<\/a> that the next time you pull cash out of the ATM<\/strong>, or \u201cTap the Mac<\/a>\u201d you should take extra care<\/strong>. BI<\/em> reports that Internet security firm Kaspersky Lab<\/a><\/strong> has announced<\/a> the return of a newer and more dangerous version of the Skimer malware<\/strong>.<\/p>\n

T\"ATMs<\/a>he report characterizes Skimer as an especially dangerous malware that turns whole ATMs into card-skimming machines<\/strong>. The malware first appeared in 2009 and has been distributed at ATMs all over the world.<\/p>\n

The majority of ATM fraud takes place through card skimming. Card skimming is usually physical, as criminals typically install an illegal card-reading device into ATMs, film people entering their PINs on keypads, and then create duplicate cards for sale and use, reports<\/a> the New York Times<\/em><\/a>. Fortunately, users can uncover these card skimmers because they’ll spot a problem with the card reader or notice an unusual camera.<\/p>\n

\"Gas<\/a>Skimer<\/a> is particularly problematic because it is software-based<\/strong>. The article explains the threat is undetectable to the common ATM user since there is no physical sign of the ATM being tampered with. The Russian-based program lets criminals access an ATM remotely<\/strong>, install the malware, and then gather<\/strong> data such as PINs, card numbers, and account numbers<\/strong> over the course of time. A “money mule” can then insert a special magnetic stripe card into the ATM to access the stolen data, take out money, or print card numbers onto a receipt<\/strong>.<\/p>\n

The attack begins by gaining access to the ATM system either through physical access or via the bank\u2019s internal network. Then Backdoor.Win32.Skimer malware is installed which infects the core of the ATM. The ATM core is responsible for the machine\u2019s interactions with the banking infrastructure, cash processing, and credit cards. After that, the ATM has become a skimmer. The compromise allows the attackers to withdraw all the funds in the ATM or grab the data from cards used at the ATM, including customers\u2019 bank account numbers and PIN codes.<\/p>\n

\"Kaspersky<\/a>Kaspersky is trying to help banks detect Skimer and is providing techniques for identifying affecting machines and securing their ATM networks in the future. Sergey Golovanov, a principal security researcher at Kaspersky Lab explains it is possible for banks to stop Skimer.
\n<\/i><\/p>\n

We have discovered the hardcoded numbers used by the malware, and we share them freely with banks … they can proactively search for them inside their processing systems, detect potentially infected ATMs and money mules, or block any attempts by attackers to activate the malware<\/i><\/p>\n

To prevent ATM attacks, Kaspersky recommends that banks:<\/p>\n