Cybercriminals compromise ATMs to spit out cash by sending SMS message

Symantec warns of sophisticated malware that allows cybercriminals to send a text message to compromised ATMs, then walk up and collect the money

By: Michael Hatamoto | Hacking & Security News | Posted: Mar 25, 2014 12:18 am

Comment | Email to a Friend | Font Size: A A

As the Microsoft end of support for the aging Windows XP operating system quickly approaches, security researchers believe the banking industry faces a serious risk of compromised ATMs, according to Symantec.

cybercriminals_compromise_atms_to_spit_out_cash_by_sending_sms_message_01

The Backdoor.Ploutus.B malware variant, an upgraded version of sophisticated malware that proved effective in 2013, allows cybercriminals to force ATMs to dispense cash.

The criminals simply send an SMS to a compromised ATM, walk up, and collect the stolen cash - using a network packet monitor (NPM) and other tools to properly infect the ATM.

"As soon as the compromised ATM receives a valid TCP or UDP packet from the phone, the NPM will parse the packet and search for the number '5449610000583686' at a specific offset within the packet in order to process the whole package of data," said Daniel Regalado, Symantec security researcher, in a blog post. "Once that specific number is detected, the NPM will read the next 16 digits and use them to construct a command line to run Ploutus."

NEWS SOURCES:Scmagazine.com