• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 15th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security
Malware

Modified version of Skimer malware makes stealing cash from ATMs easy

May 18th, 2016 Ali Raza Malware 0 comments
Modified version of Skimer malware makes stealing cash from ATMs easy
Share on FacebookShare on Twitter
Skimer malware is back to steal your cash from ATMS!

A new malware program named Skimer has been discovered by security researchers. The malware is designed in a way that it infects the ATMs that run with the Windows operating system and therefore be used in stealing of money and payment card details.

gif-atm-skimmer-modified-version-skimer-malware-makes-stealing-cash-atms-easy

Source: JoyReactor

The malware was discovered seven years ago, but through evolution it has managed to withstand the test of time, and it has become more and more appealing for attackers to use. The new malware strain which was discovered by the Kaspersky researchers uses new methods to avoid detection.

When installed, the malware goes to work and checks whether the file system is FAT32 or NTFS. If the file system is FAT32 then the malware will put a malicious executable file in the C:\Windows\System32 directory. If the file system is NTFS then the malware will write in the NTFS data stream, therefore, corresponding to the Microsoft Extension for all Financial Services (XFS) service.

This method that the Skimer malware uses makes the use of forensics for analysis a very difficult thing, the Kaspersky researchers said.

The new malware changes the legitimate XFS executable SpiService.exe which is usually found on the ATM, therefore, making it’s own components available which is named netmgr.dll. These actions allow the Skimer malware to communicate with the PIN pad and the card reader.

Skimer lies dormant until activated by the insertion of a card. The card has to have Track 2 data on it. When the card is inserted, the malware can then start communication with two of the different types of cards. The first type is one that requests for data and commands through the interface, and the second type is to execute the commands which are already hard coded into the Track2.

[must url=”https://www.hackread.com/how-your-atm-card-data-could-get-hacked/“]How Your ATM Card Data Could Get Hacked[/must]

[fullsquaread][/fullsquaread]

[must url=”https://www.hackread.com/hackers-infecting-atm-with-malware/“]Hackers Can Infect ATM With Malware To Hold Your Card[/must]

After ejection of the data, users are then given a form which asks them to press in the session key and is timed for 60 seconds. The user now has authentication and can now put in twenty-one different codes for setting its activity. All the codes should be put on the pin pad.

Some of the most important commands that can be executed by the Skimer malware include showing of the installation details, the dispensation of money from an ATM, collection and harvesting of details of all inserted cards. Other important features include printing of collected card details, self-delete option, a debug mode and an update option for the malware that is already in there.

[src src=”Source” url=”https://securelist.com/blog/research/74772/atm-infector/”]Kaspersky[/src]

  • Tags
  • ATM
  • Banking
  • Cyber Crime
  • Hacks
  • Malware
  • Scam
  • security
  • Technology
Facebook Twitter LinkedIn Pinterest
Previous article Anonymous Target North Carolina Government Sites Against anti-LGBT Law
Next article Hacker Selling 117 million LinkedIn Login Credentials
Ali Raza

Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. His work has been featured in many major crypto and tech websites including Hacked, Hackread, ValueWalk, Cryptoslate, CCN, and Globlecoinreport to name a few. Raza is the co-founder of 5Gist.com, too, a site dedicated to educating people on 5G technology.

Related Posts
Unpatched MS Exchange servers hit by cryptojacking malware

Unpatched MS Exchange servers hit by cryptojacking malware

Android apps on APKPure store caught spreading malware

Android apps on APKPure store caught spreading malware

Unpatched vulnerable VPN servers hit by Cring ransomware

Unpatched vulnerable VPN servers hit by Cring ransomware

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
ParkMobile parking app data breach - 21M user records stolen, sold
Hacking News

ParkMobile parking app data breach - 21M user records stolen, sold

Unpatched MS Exchange servers hit by cryptojacking malware
Security

Unpatched MS Exchange servers hit by cryptojacking malware

Indian supply-chain giant Bizongo exposed 643GB of sensitive data
Leaks

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us