The latest malware innovation: Infect ATMs and have them pump out cash

Chris Smith

January 1, 2014 at 7:30 PM

The ultimate heist: Hackers use SMS to get ATMs to pump out cash

Hackers in Europe managed to target several cash machines from an unnamed bank earlier last year by infecting them with malware from USB drives, BBC News reports. The researchers who discovered the hack detailed their findings at the Chaos Computing Congress in Hamburg, Germany recently. According to their report, the ATM thefts were discovered in July after a bank noticed how its machines were emptied of cash even though the cash should have been protected inside safes. The bank then discovered how criminals were cutting holes into ATMs in order to transfer malware from the USB to the ATM. Once the data transfer was complete, the holes would be patched up to conceal the attack.

To withdraw money, hackers would then enter a 12-digit code that brought up a special menu showing how much of each currency denomination was available within the ATM. The thieves would then withdraw the highest value banknotes in order to spend as little time as possible in front of ATMs and thus avoid suspicion.

Interestingly, in order to prevent untrusted fellow gang members from withdrawing money from the compromised ATMs, the hackers used a double sign in mechanism. In addition to the 12-digit code, the thief would also have to enter a second code in response to a unique random sequence of numbers shown on the ATM. The response came via a phone call from another gang member, meaning that at least two people would be involved with each ATM heist. The machine would return to its normal state after three minutes of malicious inactivity.

The research has shown that the hack did not actually target data from regular customers using the machines, and instead focused only on directly retrieving the money. As for the code itself, the hackers “had gone to great lengths to make their malware code hard to analyze,” BBC writes, with researchers concluding that the hackers must have “profound knowledge of the target ATMs.”

This article was originally published on BGR.com

News

Life

Entertainment

Finance

Sports

New on Yahoo

The latest malware innovation: Infect ATMs and have them pump out cash

Recommended Stories

Caitlin Clark catches fire from 3 in WNBA preseason; Arike Ogunbowale's late heroics send Wings past Fever

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

How to watch the 2024 WNBA preseason tonight: Caitlin Clark’s first Indiana Fever game time, channel and more

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

NFL Draft grades for all 32 teams | Zero Blitz

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

Lakers fire head coach Darvin Ham after just 2 seasons, latest playoff series loss to Nuggets

The best RBs for 2024 fantasy football according to our analysts

Acura’s new all-electric SUV proves the most expensive model isn’t always the best

CVS stock plunges after earnings numbers one analyst 'did not even believe'

Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you

Diana Taurasi’s trash-talking, in-your-face ways may be a bit of a shock to new WNBA fans

Wide receiver rankings for fantasy football 2024

Reba McEntire, 69, relies on this wrinkle-smoothing 'holy grail' moisturizer for radiant skin

NFL to allow players to wear protective Guardian Caps in games beginning with 2024 season

Tight end rankings for 2024 fantasy football 2024

MLB Power Rankings: Braves move into the top spot followed by Dodgers, Phillies as injuries take a toll across the league

Ex-Florida State QB and 1999 Fiesta Bowl starter Marcus Outzen dies at 46

Tiger Woods explains viral Masters tree meme, daughter’s ‘negative’ relationship with golf while promoting ‘Sun Day Red’