New ATMJackpot Malware Steals Your Money From ATM Machines
Cybersecurity researchers have found malware, code-named "ATMJackpot", that steals money from ATMs remotely.
ATMJackpot can be installed remotely or through a USB port if the ATM's computer system is vulnerable. Similar attacks, discovered in 2014, reportedly targeted European countries and Russia. It later spread in Asian countries.
According to cybersecurity firm Netskope, ATM malware is delivered via physical access to the ATM using USB, and also via the network by downloading the malware onto already-compromised ATMs using sophisticated techniques. Once it is tracking events, the malware follows commands: it reads data from the PIN pad, dispenses cash and ejects cards. Netskope for Web detects the download of this malware as Gen:Variant.Razy.255528.
How does the ATMJackpot malware work?
- The ATMJackpot malware first registers the window class name 'WIN' with a window procedure that is responsible for all of the malware's activity.
- After registering a window class, the malware creates the window, populates the options on the window, and initiates the connection with the XFS manager.
- After initiating a connection with the XFS manager, the malware opens a session with the service providers and registers to monitor events. The malware opens sessions with the CDM (cash dispenser), IDC (card reader) and PIN (PIN pad) service providers.
After successful registration, the malware can monitor the events from different service providers and execute the commands.
- The malware reads data from the PIN pad asynchronously using the WFSAsyncExecute API call.
- The malware has the functionality to dispense cash.
- The malware also has the functionality to eject the card.
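The call sequence described above can be turned into a detection check. The following is an added example, not code from the original article or from Netskope: it flags any process outside an allowlist that opens XFS sessions with the CDM, IDC or PIN service providers, and raises the severity when that process also issues WFSAsyncExecute. The log format, file paths and allowlist are constructed assumptions; the records would have to come from XFS tracing or endpoint telemetry on the ATM.

```python
from collections import defaultdict

# Assumption: the only binary expected to talk to the XFS manager on this ATM.
ALLOWED = {r"c:\atm\app\atmapp.exe"}
# Service provider classes the article says the malware opens sessions with.
WATCHED = {"CDM", "IDC", "PIN"}

# Constructed telemetry, one record per line: time|process|XFS call|class
SAMPLE_LOG = r"""
10:00:01|C:\ATM\App\atmapp.exe|WFSOpen|CDM
10:00:02|C:\ATM\App\atmapp.exe|WFSAsyncExecute|CDM
10:07:10|C:\Tools\diag.exe|WFSOpen|CDM
10:15:40|C:\Users\Public\svc.exe|WFSStartUp|-
10:15:41|C:\Users\Public\svc.exe|WFSOpen|CDM
10:15:41|C:\Users\Public\svc.exe|WFSOpen|IDC
10:15:42|C:\Users\Public\svc.exe|WFSOpen|PIN
10:15:42|C:\Users\Public\svc.exe|WFSRegister|PIN
10:15:43|C:\Users\Public\svc.exe|WFSAsyncExecute|PIN
truncated record
"""


def find_suspects(log_text, allowed=ALLOWED):
    """Return findings for non-allowlisted processes that open XFS sessions."""
    opened = defaultdict(set)    # process -> watched classes it opened
    executed = defaultdict(set)  # process -> classes it sent commands to
    for line in log_text.splitlines():
        fields = line.strip().split("|")
        if len(fields) != 4:
            continue  # skip blank or malformed records
        _, proc, call, svc = fields
        proc, svc = proc.lower(), svc.upper()
        if proc in allowed or svc not in WATCHED:
            continue
        if call == "WFSOpen":
            opened[proc].add(svc)
        elif call == "WFSAsyncExecute" and svc in opened.get(proc, ()):
            executed[proc].add(svc)
    findings = []
    for proc in sorted(opened):
        cmds = sorted(executed.get(proc, ()))
        findings.append({
            "process": proc,
            "opened": sorted(opened[proc]),
            "executed": cmds,
            # Commands sent to a device are worse than an open session alone.
            "severity": "high" if cmds else "medium",
        })
    return findings
```

Calling `find_suspects(SAMPLE_LOG)` returns one medium finding for the process that only opened CDM and one high finding for the process that opened all three providers and then sent a command to the PIN pad.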
ATM jackpotting techniques are on the rise in cybercrime. All banks should be concerned about ATM security. Many ATMs run on the Windows XP operating system, which is easy for cyber criminals to hack. Microsoft ended support for Windows XP in 2014.