Cyber criminals have devised a new method of stealing cash from ATMs without credit and debit cards. A new variety of malware Tyupkin malware discovered is believed to allow criminals withdraw large sums of money by simply typing in a code.

The incidence of emptying the cash machines using a code first came into light when Kaspersky Lab (1034431Z:) forensics investigation was called to inquire the matter following a request from a financial services company in Eastern Europe.

Over the past few years, we have observed a major uptick in ATM attacks using skimming devices and malicious software. Following major reports of skimmers hijacking financial data at banks around the world, we have seen a global law enforcement crackdown that led to the arrests and prosecution of cyber criminals. Now we are seeing the natural evolution of this threat with cyber criminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs directly, or through direct advanced persistent threat (APT) attacks against the bank. The Tyupkin malware is one such example of attackers moving up the chain and finding weaknesses in the ATM infrastructure”, said Kaspersky Labs.

It was observed that the malware once installed on the ATM using a CD allowed attackers to empty the ATM cash cassettes. This however, is a 2 step process. Firs, gaining physical access to the ATM . Second, a unique code – randomly generated by an algorithm at a remote location – to unlock the machine and dispense the cash. When rebooted, the miscreant has control of the ATM and can withdraw 40 notes at a time.

Kaspersky noted, at the time of the investigation, the Tyupkin malware was active on over 50 ATMs in Eastern Europe and has likely spread to the adjoining areas and other countries, including the US, India and China. Kaspersky has warned banks to review the physical security of their ATMs and consider investing in security.

10 Responses

  1. Mishawaka, Indiana; Friday; October 10, 2014 | Mishawaka Current

    […] Cyber criminals use Tyupkin Malware to hack ATM Machines, swipe millions […]

    Reply
  2. Somewhere in the Midwest; Thursday; October 9, 2014 | Auntie Rona's Trans Blog

    […] Cyber criminals use Tyupkin Malware to hack ATM Machines, swipe millions […]

    Reply
  3. LaPaz and Lakeville, Indiana; Thursday; October 9, 2014 | L & L Beacon

    […] Cyber criminals use Tyupkin Malware to hack ATM Machines, swipe millions […]

    Reply
  4. South Bend Indiana; Thursday; October 9, 2014 | South Bend Homeless Herald

    […] Cyber criminals use Tyupkin Malware to hack ATM Machines, swipe millions […]

    Reply
  5. Mishawaka, Indiana; Thursday; October 9, 2014 | Mishawaka Current

    […] Cyber criminals use Tyupkin Malware to hack ATM Machines, swipe millions […]

    Reply
  6. Orde Miller

    Mormon hackers are some of the most vicious in the USA.
    Massive data collection center south of Salt Lake City, Utah was built and staffed by Mormons for a reason.

    Reply
  7. richard_head

    Hackers can turn an ATM into a bomb and blow you to smithereens.

    Reply
  8. Kenneth Gardner

    Yeah, I always wondered what that CD drive was for at my ATM. Not!

    Reply
    • Apul_MadeeqAoud

      I always used it to play cuts from my Sly and the Family Stone CD; didn’t realize you could upload code on it. Can it play Tetris?

      Reply

Leave a Reply

Your email address will not be published.