Tech content trusted by users in North America and around the world
7,245 Reviews & Articles | 52,532 News Posts

Cybercriminals compromise ATMs to spit out cash by sending SMS message

Symantec warns of sophisticated malware that allows cybercriminals to send a text message to compromised ATMs, then walk up and collect the money
By: Michael Hatamoto | Hacking & Security News | Posted: Mar 25, 2014 12:18 am

As the Microsoft end of support for the aging Windows XP operating system quickly approaches, security researchers believe the banking industry faces a serious risk of compromised ATMs, according to Symantec.




The Backdoor.Ploutus.B malware variant, an upgraded version of sophisticated malware that proved effective in 2013, allows cybercriminals to force ATMs to dispense cash.


The criminals simply send an SMS to a compromised ATM, walk up, and collect the stolen cash - using a network packet monitor (NPM) and other tools to properly infect the ATM.


"As soon as the compromised ATM receives a valid TCP or UDP packet from the phone, the NPM will parse the packet and search for the number '5449610000583686' at a specific offset within the packet in order to process the whole package of data," said Daniel Regalado, Symantec security researcher, in a blog post. "Once that specific number is detected, the NPM will read the next 16 digits and use them to construct a command line to run Ploutus."


Related Tags

Got an opinion on this news? Post a comment below!