CASH! CASH! Hacking ATM Machines with Just a Text Message

Hacking ATM Machines for Cash with Just a Text Message

As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April, apparently 95% of the world’s 3 million ATM machines are run on it. Microsoft’s decision towithdraw support for Windows XP poses critical security threat to the economic infrastructure worldwide.

MORE REASONS TO UPGRADE
Security researchers at Antivirus firm Symantec claimed that hackers can exploit a weakness in Windows XP based ATMs, that allow them to withdraw cash simply by sending an SMS to compromised ATMs.
What was interesting about this variant of Ploutus was that it allowed cybercriminals to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible, but this technique is being used in a number of places across the world at this time.” researchers said.
HARDWIRED Malware for ATMs

According to researchers – In 2013, they detected a malware named Backdoor.Ploutus, installed on ATMs in Mexico, which is designed to rob a certain type of standalone ATM with just the text messages.
To install the malware into ATMs machines, hacker must connect the ATM to a mobile phone via USB tethering and then to initiate a shared Internet connection, which then can be used to send specific SMS commands to the phone attached or hardwired inside the ATM.

Since the phone is connected to the ATM through the USB port, the phone also draws power from the connection, which charges the phone battery. As a result, the phone will remain powered up indefinitely.

HOW-TO HACK ATMs
  • Connect a mobile phone to the machine with a USB cable and install Ploutus Malware.
  • The attacker sends two SMS messages to the mobile phone inside the ATM.
    • SMS 1 contains a valid activation ID to activate the malware
    • SMS 2 contains a valid dispense command to get the money out
  • Mobile attached inside the ATM detects valid incoming SMS messages and forwards them to the ATM as a TCP or UDP packet.
  • Network packet monitor (NPM) module coded in the malware receives the TCP/UDP packet and if it contains a valid command, it will execute Ploutus
  • Amount for Cash withdrawal is pre-configured inside the malware
  • Finally, the hacker can collect cash from the hacked ATM machine.
Researchers have detected few more advanced variants of this malware, some attempts to steal customer card and PIN data, while others attempt man-in-the-middle attacks.
This malware is now spreading to other countries, so you are recommended to pay extra attention and remain cautious while using an ATM.
Mohit Kumar - Hacking News

Fraudsters Stole ¥1.4 Billion from 1,400 Japanese ATMs in Just 3 Hours

 4515  422  130  5184

Fraudsters Stole ¥1.4 Billion from 1,400 Japanese ATMs in Just 3 Hours

In an era where major data hacks are on the rise, it is no surprise breaches on individuals are also up.

In just three hours, over 100 criminals managed to steal ¥1.4 Billion (approx. US$12.7 Million) from around 1,400 ATMs placed in small convenience stores across Japan.

The heist took place on May 15, between 5:00 am and 8:00 am, and looked like a coordinated attack by an international crime network.

The crooks operated around 1,400 convenience store ATMs from where the cash was withdrawn simultaneously in 16 prefectures around Japan, including Tokyo, Osaka, Fukuoka, Kanagawa, Aichi, Nagasaki, Hyogo, Chiba and Nigata, The Mainichi reports.Also Read: Tyupkin Malware Hacking ATM Machines Worldwide

Many ATM incidents involve a long-established technique called ‘ATM Skimming‘ in which criminals install devices to obtain card details via its magnetic stripe, or use ATM malware or from data breaches, and then work with so-called carders and money mules to pilfer cash at ATMs or make online purchases.

In this particular case as well, the heist was carried out using cloned credit cards that contained bank account details obtained from Standard Bank in South Africa.

The criminal gang of around 100 people believed to have withdrawn 100,000 yen (nearly US$900) – the maximum amount allowed by cash machines – from each of the 14,000 ATMs.

No one has yet been arrested in connection with the heist. However, Japanese police are currently trying to identify the suspects by examining CCTV footage and are working with South African authorities to investigate how the information on credit cards was leaked.Also Watch: How Hacker Installs a Credit Card Skimmer in 3 Seconds.

This incident shows a sophisticated move by a group of criminals who stole the critical card data, but rather than using it immediately, it kept the data safe and used effectively when least suspected.

So, be cautious when you use any ATM and always look carefully at the teller machine before using it. If you found the machine tampered or its card slot looks damaged or scratched, DO NOT use the ATM.

Annunci