By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    A Malware Classification -Kaspersky Daily
    8 months ago
    Superfish: adware preinstalled on Lenovo laptops
    8 months ago
    Russian-speaking cyber spies from Turla APT group exploit satellites
    8 months ago
    Latest News
    Triangulation: Trojan for iOS | Kaspersky official blog
    5 days ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
    5 days ago
    Safeguards against firmware signed with stolen MSI keys
    7 days ago
    WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
    7 days ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Surface Pro released and the 128 GB version already sold out at the online Microsoft Store [Updated]
    8 months ago
    Windows 11 build 22622.590 (KB5017846) outs in the Beta Channel
    8 months ago
    How to protect computer from virus and hackers on Windows 11
    8 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    4 months ago
    Now you can speed up any video in your browser
    4 months ago
    How to restore access to a file after EFS or view it on another computer?
    4 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    5 months ago
  • How To
    How ToShow More
    Nine years of Project Galileo and how the last year has changed it
    Nine years of Project Galileo and how the last year has changed it
    16 hours ago
    Dynamic data collection with Zaraz Worker Variables
    Dynamic data collection with Zaraz Worker Variables
    4 days ago
    Reduce latency and increase cache hits with Regional Tiered Cache
    Reduce latency and increase cache hits with Regional Tiered Cache
    5 days ago
    Cloudflare is deprecating Railgun
    Cloudflare is deprecating Railgun
    5 days ago
    What is two-factor authentication | Kaspersky official blog
    1 week ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    Yandex.Browser started showing ads
    8 months ago
    How to colorize a black and white photo?
    8 months ago
    Easter egg in Yandex “Songs of the era of space conquest”
    8 months ago
    Latest News
    How to generate SSH keys on Windows 11
    6 hours ago
    How to enable file sharing on WSA for Windows 11
    6 hours ago
    How to add CPU, GPU, RAM widgets on Windows 11
    4 days ago
    How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
    1 week ago
  • Glossary
  • My Bookmarks
Reading: Invisible Skimmers at the ATMs
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
ThreatsWordpress Threats

Invisible Skimmers at the ATMs

Vitus White
Last updated: 13 October
Vitus White 4 years ago
Share
7 Min Read

If you are aware of what ATM skimmers are — and in if you’re not, you should read this post first — you probably know how to act in order to keep your bank card safe. You need to watch for any suspicious attachments to an ATM and avoid using machines that look fishy. But what if there’s no attachments at all, what if the skimmer is completely invisible?

Contents
Double jackpotHow the culprits behind ATM Infector operateHow to protect

Is that even possible?

I’m afraid, the answer is yes. In fact, that is exactly the case with ATM Infector cybercriminal group discovered by our Global Research and Analysis Team (GReAT) together with our Penetration Testing Team. Members of this Russian-speaking cyber gang are able to turn an ATM itself into a skimmer.

Double jackpot

It looks like even cybercriminals love the idea of sharing economy: why attach additional skimmer devices to the ATM if all the hardware they need is already there? All they have to do is infect an ATM with special malware called Skimer and then they can use ATM’s own card reader and pin pad to steal all necessary bank card credentials.

Now you know how they do their criminal business on ATMs and will never fall for the trick: https://t.co/y58IvQSBQw pic.twitter.com/Dj8otixjg3

— Eugene Kaspersky (@e_kaspersky) January 22, 2015

And that’s not it when it comes to sharing; if they have infected an ATM, they can go one step further and control not only the pin pad and card reader devices, but also the cash dispenser. So not only they can steal cards credentials, but they also can send a command to spit out all the money ATM has inside its cash deposit unit.

Criminals behind this cyber campaign are hiding their tracks very carefully. In fact, that’s why they use these double tactics. While they surely could cash out at any moment by ordering all the ATMs they have infected to eject money, it would definitely raise suspicion and probably lead to large investigation. That’s why they prefer to keep malware in the ATM unnoticed and silently collect skimmed card data, leaving the second option — instant cash out — for the future.

How the culprits behind ATM Infector operate

As we told you in a recent blog post, while ATMs protection looks very impressive from the physical point of view, many of these armored machines are more vulnerable in cyberspace. In this particular case criminals infect ATMs either through physical access or via the bank’s internal network.

After installing itself into the system, Skimer malware infects the very computerized core of an ATM, giving criminals full control over the infected ATMs and turning them into skimmers. After that the malware is lying low until criminals decide to use the infected teller machine.

7 reasons why it’s oh so easy for bad guys to hack an #ATM https://t.co/7H7znX1REt #security pic.twitter.com/SPNqm7vXJk

— Kaspersky (@kaspersky) February 17, 2016

To wake up the malware in an ATM, the culprit inserts a specially crafted card with certain records on its magnetic strip. After reading the records, Skimer malware can either execute the hardcoded command or answer commands through a special menu activated by the card.

If the criminal ejects the card and in less than 60 seconds inputs the right session key using the pin pad, the Skimer’s graphic interface appears on the display. With the help of this menu, the criminal can activate 21 different commands, including:

  • dispensing money (40 bills from the specified cassette);
  • collecting the details of inserted cards;
  • self-deleting;
  • updating (from the updated malware code embedded on the card’s chip);
  • saving the file with cards and PINs data on the chip of the same card;
  • or printing the card details it has collected onto the ATM’s receipts.

How to protect

In their blogpost on Securelist, our experts provide recommendations for banks what files they should be searching for in their systems. The full report on the ATM Infector campaign has previously been shared with a closed audience consisting of law enforcement agencies, CERTs, financial institutions and Kaspersky Lab threat intelligence customers.

As for common folk like you and me things are pretty much scary with ATM Infector: there is no way one can define if ATM is infected or not without scanning its computer stuffing, since on the surface it looks and operates completely normally.

Banks usually consider PIN input as a proof that either the transaction was carried out by the owner of the card or the owner himself is responsible for the fact the PIN was compromised. It would be hard to argue bank’s decision and it’s very likely they will never give your money back.

Criminal business on #ATMs, part 2: https://t.co/qCWhTm2ALD pic.twitter.com/46zP035BBE

— Kaspersky (@kaspersky) January 30, 2015

All in all, you can’t secure your card 100% from an ATM Infector, but still you have a couple of tips that will help you keep at least the major part of your money.

1. Despite the fact you can’t identify infected ATMs, you can minimize the risk by using less suspiciously located machines. The best option is to use ATMs in bank’s offices — it’s more difficult for culprits to infect them and they are probably being inspected by bank’s tech team more frequently.

2. Check all the card charges constantly. The best way to do it is to use SMS notifications: if your bank offers such service, using it is a must.

3. If you see a transaction you’ve never made — call your bank immediately and block the compromised card. Really, do this IMMEDIATELY. The faster you react, the more likely you will save at least a good part of your money.


Source: kaspersky.com

Translate this article

TAGGED: Malware, Security, SMTP, Threat, Threats, YouTube
Vitus White October 13, 2022 September 30, 2019
Share this Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

How to generate SSH keys on Windows 11
News 9 hours ago
How to enable file sharing on WSA for Windows 11
News 9 hours ago
Nine years of Project Galileo and how the last year has changed it
Nine years of Project Galileo and how the last year has changed it
Apps 16 hours ago
Dynamic data collection with Zaraz Worker Variables
Dynamic data collection with Zaraz Worker Variables
Apps 4 days ago
How to add CPU, GPU, RAM widgets on Windows 11
News 5 days ago

Recent Posts

  • How to generate SSH keys on Windows 11
  • How to enable file sharing on WSA for Windows 11
  • Nine years of Project Galileo and how the last year has changed it
  • Dynamic data collection with Zaraz Worker Variables
  • How to add CPU, GPU, RAM widgets on Windows 11

You Might Also Like

News

How to generate SSH keys on Windows 11

9 hours ago
Nine years of Project Galileo and how the last year has changed it
Apps

Nine years of Project Galileo and how the last year has changed it

16 hours ago
Dynamic data collection with Zaraz Worker Variables
Apps

Dynamic data collection with Zaraz Worker Variables

4 days ago
Cloudflare is deprecating Railgun
Apps

Cloudflare is deprecating Railgun

5 days ago
Show More

Related stories

How to Use Cloudflare to Secure Your WordPress Site
How To Starting Chrome from the command line
How to fix error 0x80070057 in Chrome?
Windows 10 How To Disable Slide to Shutdown
Windows search not working (FIX)
How to watch movies and TV series for free on Kinopoisk?
Previous Next

10 New Stories

Reduce latency and increase cache hits with Regional Tiered Cache
Cloudflare is deprecating Railgun
Triangulation: Trojan for iOS | Kaspersky official blog
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
Safeguards against firmware signed with stolen MSI keys
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
Previous Next
Hot News
How to generate SSH keys on Windows 11
How to enable file sharing on WSA for Windows 11
Nine years of Project Galileo and how the last year has changed it
Dynamic data collection with Zaraz Worker Variables
How to add CPU, GPU, RAM widgets on Windows 11
10alert.com10alert.com
Follow US

© 10 Alert Network. All Rights Reserved.

  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?