Not a sophisticated technique, but it got his way to compromised ATM windows OS machine

Preface:

Not a pulp fiction! Kaspersky Lab found that the latest generation of Malware focus in Bank ATM machine attack operate lightweight and simple. But we known that ATM machine was hardening the connectivity. May be you will be interested? In what way let the machine compromised?

Introduction to Bank ATM malware types (malware found since 2015)

i. Rufus – a malicious code used to clean out ATMs running outdated Windows XP software across states.

ii. GreenDispenser – GreenDispenser attempts to query the microsoft windows registry location (see below) to find the peripheral name for the cash dispenser.

“HKEY_USERS\ .DEFAULT\XFS\LOGICAL_SERVICES\class=CDM”

The malware will make a call to WFSExecute with the command set to WFS_CMD_CDM_DISPENSE” and a timeout of 12000 to dispense cash (see above picture). GreenDispenser capable to execute the sdelete to remove itself from the ATM.

iii. Ploutus – Ploutus enabled criminals to empty ATMs using either an external keyboard attached to the machine or via SMS message. It could run on ATMs running the Windows 10, Windows 8, Windows 7 and XP operating systems. The attack targer aim to control Diebold ATMs.

iv. SUCEFUL – The (SUCEFUL) malware target design to attacks Diebold and NCR ATMs machines.The malicious code features are capable to do the following:

  1. Reading data from the chip of the card
  2. Control of the malware via ATM PIN pad
  3. Suppressing ATM sensors to avoid detection

v. Skimer – Skimer was distributed extensively between 2010 and 2013. Its appearance resulted in a drastic increase in the number of attacks against ATMs, with up to nine different malware families identified by Kaspersky Lab. The criminal (Skimer) group using social engineering technique implant malware to the ATM system through physical access, or via the bank’s internal network.

Another way to make machine vulnerable especially Windows Operating System

 

  • Infection technique through phishing, embedded malware in MS-word document ,download malware infection file and visit compromised website.
  • Try to infect server especially WSUS server
  • Compromise ATM machines through software path management and ATM application software update
  • ATM windows operating system compromised
  • As a result, the ATM machine might become crazy!

 

Protect Yourself:

It is better to use the ATM machine inside of a bank lobby.

Reference:

Should you have interest to elaborate more, please read below details.

ATM thieves are all in jail. Can you tell me that bank ATM environments are safe now?

5 thoughts on “Not a sophisticated technique, but it got his way to compromised ATM windows OS machine”

  1. Hey! I know this is kinda off topic but I was wondering if you knew where I could find a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having difficulty finding one? Thanks a lot!|

  2. I think this is one of the most significant information for me. And i’m glad reading your article. But want to remark on few general things, The site style is great, the articles is really excellent : D. Good job, cheers|

  3. What’s up, for all time i used to check blog posts here in the early hours in the dawn, because i like to gain knowledge of more and more.|

  4. Hey! I understand this is kind of off-topic however I had to ask. Does running a well-established website such as yours take a massive amount work? I am brand new to running a blog but I do write in my diary on a daily basis. I’d like to start a blog so I can easily share my own experience and views online. Please let me know if you have any kind of recommendations or tips for new aspiring bloggers. Appreciate it!|

  5. You really make it seem so easy with your presentation but I find this matter to be really something which I think I would never understand. It seems too complicated and extremely broad for me. I’m looking forward for your next post, I’ll try to get the hang of it!|

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.