In March 2018, we came across a fairly simple but effective piece of malware named WinPot. It was created to make ATMs by a popular ATM vendor to automatically dispense all cash from their most valuable cassettes. We called it ATMPot. Read Full Article
Goodfellas, the Brazilian carding scene is after you
There are three ways of doing things in the malware business: the right way, the wrong way and the way Brazilians do it. From the early beginnings, using skimmers on ATMs, compromising point of sales systems, or even modifying the hardware of processing devices, Latin America has been a fertile ground for collecting credit and debit cards en masse. Read Full Article
Kaspersky Security Bulletin: Review of the Year 2017
The end of the year is a good time to take stock of the main cyberthreat incidents that took place over the preceding 12 months or so. To reflect on the impact these events had on organizations and individuals, and consider what they could mean for the overall evolution of the threat landscape. Read Full Article
ATM malware is being sold on Darknet market
In May 2017, Kaspersky Lab researchers discovered a forum post advertising ATM malware that was targeting specific vendor ATMs. The forum contained a short description of a crimeware kit designed to empty ATMs with the help of a vendor specific API, without interacting with ATM users and their data. The price of the kit was 5000 USD at the time of research. Read Full Article
ATMii: a small but effective ATM robber
While some criminals blow up ATMs to steal cash, others use less destructive methods, such as infecting the ATM with malware and then stealing the money. We have written about this phenomenon extensively in the past and today we can add another family of malware to the list – Backdoor.Win32.ATMii. Read Full Article
ATMitch: remote administration of ATMs
In February 2017, we published research on fileless attacks against enterprise networks. This second paper is about the methods and techniques that were used by the attackers in the second stage of their attacks against financial organizations – basically enabling remote administration of ATMs. Read Full Article
IT threats during the 2016 Olympic Games in Brazil
In this blog post we discuss the threats to visitors aiming to travel to Brazil to watch the Olympic Games and to those planning to watch it online. We’ll talk about phishing attacks, highlight WiFi security and touch upon physical security that involves the usage of USB charging spots, the problem of credit card cloning and ATM skimmers. Read Full Article
Malware and non-malware ways for ATM jackpotting. Extended cut
Millions of people around the world now use ATMs every day to withdraw cash, pay in to their account or make a variety of payments. Unfortunately, ATM manufacturers and their primary customers – banks – don’t pay much attention to the security of cash machines. Read Full Article
ATMZombie: banking trojan in Israeli waters
On November 2015, Kaspersky Lab researchers identified ATMZombie, a banking Trojan that is considered to be the first malware to ever steal money from Israeli banks. The incident Israeli banks experienced had a very fascinating and innovative method of stealing the money. Read Full Article