As Microsoft's end of support for the aging Windows XP operating system quickly approaches, security researchers believe the banking industry faces a serious risk of compromised ATMs, according to Symantec.
The Backdoor.Ploutus.B malware variant, an upgraded version of sophisticated malware that proved effective in 2013, allows cybercriminals to force ATMs to dispense cash.
The criminals simply send an SMS to a compromised ATM, walk up, and collect the stolen cash, having first infected the ATM with a network packet monitor (NPM) and other tools.
"As soon as the compromised ATM receives a valid TCP or UDP packet from the phone, the NPM will parse the packet and search for the number '5449610000583686' at a specific offset within the packet in order to process the whole package of data," said Daniel Regalado, Symantec security researcher, in a blog post. "Once that specific number is detected, the NPM will read the next 16 digits and use them to construct a command line to run Ploutus."
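The packet check Regalado describes, turned into a defensive detector that an ATM operator could run over captured network traffic. This is an added example, not Symantec's or the article's code: the marker value is the one quoted in the article, while the sample payloads and the whole-payload scan (the article does not disclose the exact offset) are assumptions.

```python
"""Detect the Ploutus.B NPM trigger marker in captured ATM network payloads.

Added example, not code from the article or from Symantec. The marker
'5449610000583686' is the value quoted in the article. The payload samples
are constructed, and because the article does not give the offset the NPM
expects, this scans the whole payload instead of one fixed position.
"""
import re
from dataclasses import dataclass
from typing import Optional

MARKER = b"5449610000583686"
# Per the article, the 16 digits after the marker are what Ploutus consumes.
TRAILING_DIGITS = re.compile(rb"\d{16}")


@dataclass
class Alert:
    offset: int                      # where the marker starts in the payload
    has_command: bool                # whether 16 digits follow the marker
    trailing: Optional[str] = None   # the following digits, kept for the incident log


def inspect_payload(payload: bytes) -> Optional[Alert]:
    """Return an Alert if the payload carries the Ploutus trigger, else None."""
    idx = payload.find(MARKER)
    if idx < 0:
        return None
    start = idx + len(MARKER)
    tail = payload[start:start + 16]
    match = TRAILING_DIGITS.fullmatch(tail)
    return Alert(offset=idx,
                 has_command=match is not None,
                 trailing=tail.decode("ascii") if match else None)


# Constructed samples: benign status traffic, a trigger with the marker at
# offset 4 followed by 16 digits, and a marker whose tail is too short.
SAMPLES = {
    "benign":    b"\x00\x01HELLO ATM STATUS OK",
    "trigger":   b"\x00\x00\x00\x00" + MARKER + b"1234567890123456" + b"\r\n",
    "truncated": b"XX" + MARKER + b"12345",
}


def scan(samples=SAMPLES):
    """Run the detector over every sample; returns name -> Alert or None."""
    return {name: inspect_payload(p) for name, p in samples.items()}


if __name__ == "__main__":
    for name, alert in scan().items():
        print(f"{name:10s} -> {alert}")
```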