Video Thieves are using malware dubbed Tyupkin to empty cash machines and make off with millions of dollars, we’re told.
The hackers don’t need to use stolen or cloned cards. Instead, fraudsters infect the ATM’s on-board PC, and then later type a unique combination of digits on the PIN keypad to drain the machine of banknotes, according to researchers at Kaspersky Lab.
Experts were called in by a financial institution to investigate the disappearance of cash from its ATMs around the world. During this probe, the researchers discovered a piece of malware installed on the machines (Tyupkin) that allowed criminals to loot the devices. Some 50 infected ATMs were found in eastern Europe. Policing agency Interpol is now involved.
A video showing this attack, which has apparently netted “millions of dollars”, as show below.
In order to install the malicious backdoor, someone needs to physically insert a bootable CD which installs the Tyupkin malware.
Once the machine is rebooted, the ATM is under the control of the criminal gang. The sophisticated malware then runs in the background on an infinite loop awaiting a command from the attacker’s side. However, the malware will only accept commands at specific times – in this case on Sunday and Monday nights – making it harder to detect.
Furthermore, a unique combination key based on random numbers is generated – so that the possibility of a member of the public accidentally entering a code can be avoided. This key code needs to be entered before the main menu is shown.
When this session key is entered correctly, the ATM displays details of how much money is available in each cash cassette, inviting the operator to choose which cassette to steal from, and the number of available banknotes – the ATM dispenses a maximum of 40 at a time from the chosen cassette.