ATM malware discovered

March 19, 2009 | 13:09

Tags: #atm #diebold #malware #pin #skimming #trojan

Companies: #premier #sophos

The next time you get money out at a hole-in-the-wall, cross your fingers that the operating system is fully patched up; there's now malware out there which directly targets Windows-based ATMs.

According to anti-virus provider Sophos – via ITWire – code has been discovered for a piece of malware that targets automated teller machines from US manufacturer Diebold, better known for its range of voting machines.

The code for the software uses undocumented features to create a virtual 'skimmer' which is capable of recording card details and personal identification numbers without the user's knowledge, which suggests that the creator had access to the source code for the ATM. While this doesn't directly point to an inside job, the possibility certainly can't be ruled out.

Sophos believes that the code was intended to be pre-installed by an insider at the factory, and would hold transaction details until a special card was entered into the machine – at which point a nice list of card numbers, PINs, and balances would be printed out for the ne'er-do-well to peruse at his leisure. It's also possible that the malware could be installed by someone with access to the ATM's internal workings – such as the person who refills the supply of money each day.

Sophos's Graham Cluley – who has been dissecting the code since the company obtained a copy – claims that the malware is designed to “skim money from accounts in Russian, Ukrainian, and American currency” - which should make any unauthorised transactions a little more obvious here in the UK.

So far there has been no official comment from Diebold on the matter.

Starting to think that automating the removal of cash from bank accounts was a bad idea, or would it take proof that the malware is in the wild before you chop up your cash cards? Share your thoughts over in the forums.
Discuss this in the forums
YouTube logo
MSI MPG Velox 100R Chassis Review

October 14 2021 | 15:04