SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
18 May 2016

Invisible skimmers at the ATMs

If you are aware of what ATM skimmers are, you probably know how to act in order to keep your bank card safe. You need to watch for any suspicious attachments to an ATM and avoid using machines that look fishy.

But what if there are no attachments at all and the skimmer is completely invisible? Is that possible? I’m afraid the answer is yes. In fact, that is exactly the case with the ATM Infector cyber-criminal group, discovered by the Global Research and Analysis Team (GReAT) together with the Penetration Testing Team.

Members of this Russian-speaking cyber gang are able to turn an ATM itself into a skimmer. It looks like even cyber-criminals love the idea of the sharing economy: why attach additional skimmer devices to the ATM if all the hardware they need is already there? All they have to do is infect an ATM with special malware called Skimmer, and then they can use the ATM’s own card reader and PIN pad to steal all the necessary bank card credentials.

And that’s not all when it comes to sharing: once they have infected an ATM, they can go one step further and control not only the PIN pad and card reader, but also the cash dispenser. So not only can they steal card credentials, they can also send a command to spit out all the money the ATM has inside its cash deposit unit.

The criminals behind this cyber campaign hide their tracks very carefully. In fact, that’s why they use these double tactics. While they surely could cash out at any moment by ordering all the ATMs they have infected to eject money, it would definitely raise suspicion and probably lead to a large investigation. That’s why they prefer to keep the malware in the ATM unnoticed and silently collect skimmed card data, leaving the second option, an instant cash-out, for the future.

How the culprits behind ATM Infector operate

As we told you in a recent blog post, while ATMs’ protection looks very impressive from the physical point of view, many of these armoured machines are more vulnerable in cyberspace. In this particular case, the criminals infect ATMs either through physical access or via the bank’s internal network.

After installing itself into the system, the Skimmer malware infects the very computerised core of an ATM, giving the criminals full control over the infected ATMs and turning them into skimmers. After that, the malware lies low until the criminals decide to use the infected teller machine. To wake up the malware in an ATM, the culprit inserts a specially crafted card with certain records on its magnetic stripe. After reading the records, the Skimmer malware can either execute the hard-coded command or answer commands through a special menu activated by the card.

If the criminal ejects the card and, in less than 60 seconds, inputs the right session key using the PIN pad, Skimmer’s graphical interface appears on the display. With the help of this menu, the criminal can activate 21 different commands, including:

  • dispensing money (40 bills from the specified cassette);
  • collecting the details of inserted cards;
  • self-deleting;
  • updating (from the updated malware code embedded on the card’s chip);
  • saving the file with card and PIN data on the chip of the same card;
  • or printing the card details it has collected onto the ATM’s receipts.


How to protect

In their blog post on Securelist, our experts provide recommendations for banks on which files they should be searching for in their systems. The full report on the ATM Infector campaign has previously been shared with a closed audience consisting of law enforcement agencies, CERTs, financial institutions and Kaspersky Lab threat intelligence customers.

As for common folk like you and me, things are pretty scary with ATM Infector: there is no way to tell whether an ATM is infected without scanning its internal computer, since on the surface it looks and operates completely normally. Banks usually consider PIN input as proof that either the transaction was carried out by the owner of the card or the owner himself is responsible for the fact that the PIN was compromised. It would be hard to argue with the bank’s decision, and it’s very likely they will never give your money back.

All in all, you can’t secure your card 100% against ATM Infector, but here are a couple of tips that will help you keep at least the major part of your money.

1. Although you can’t identify infected ATMs, you can minimize the risk by using machines in less suspicious locations. The best option is to use ATMs in bank offices: it’s more difficult for culprits to infect them, and they are probably inspected by the bank’s tech team more frequently.

2. Check all your card charges constantly. The best way to do it is to use SMS notifications: if your bank offers such a service, using it is a must.

3. If you see a transaction you’ve never made, call your bank immediately and block the compromised card. Really, do this IMMEDIATELY. The faster you react, the more likely you are to save at least a good part of your money.

Tags:
ATM fraud
Source:
Kaspersky Daily
SafeUM © Safe Universal Messenger
