HackRead

New Malware Hits ATMs Running on Win7 and Win Vista

October 10th, 2017 | Waqas | Security, Malware, Scams and Fraud

Kaspersky Discovers New Malware Strain ATMii that Attacks Win7 and Win Vista ATMs.

The IT security researchers at Kaspersky Lab have discovered a new malware strain called ATMii because it attacks ATMs that run on Windows 7 and Windows Vista. This means the malware is ineffective on a majority of ATMs since most of them nowadays use Windows XP. It also hints at the fact that the operator of ATMii is intentionally attacking the ATMs of a certain network and the malware strain has been designed to steal from those machines only.

ATMii was discovered in April 2017 after one of the attacked banks shared a sample with the security researchers at Kaspersky Lab. The team explored ATMii and published the technical breakdown of its capabilities.

According to the analysis by Kaspersky’s senior developer Konstantin Zykov, this particular malware strain isn’t as powerful or dangerous as other ATM malware strains identified so far, such as Rufus, GreenDispenser, Ploutus, SUCEFUL, Skimer, etc. The entire strain consists of only two files, exe.exe and dll.dll.

“The malware turned out to be fairly straightforward, consisting of only two modules: an injector module (exe.exe, 3fddbf20b41e335b6b1615536b8e1292) and the module to be injected (dll.dll, dc42ed8e1de55185c9240f33863a6aa4). To use this malware, criminals need direct access to the target ATM, either over the network or physically (e.g., over USB). ATMii, if it is successful, allows criminals to dispense all the cash from the ATM,” wrote Zykov in his blog post.

ATMii is installed on ATMs through network access or a USB device. The attacker copies the two files to the ATM's storage drive and executes exe.exe, which searches for the basic atmapp.exe process. When the process is found, exe.exe injects dll.dll into it. The injected module lets the attacker interact with the genuine atmapp.exe process and take control of the machine.

The injector is an unprotected command-line application written in Visual C, with the compilation timestamp Fri Nov 01 14:33:23 2013 UTC, explained Zykov. That timestamp is about four years old, and it is quite unrealistic to believe that the malware remained unnoticed for such a long time. Therefore, it can be assumed that the attackers used a fake timestamp.
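For responders triaging files found on an ATM, the two MD5 values and the injector's compilation timestamp quoted above can be checked as in the following added example, which is not code from Kaspersky or from this article. The `triage` and `make_sample_header` helpers and the sample header are constructed for illustration; because the timestamp field is attacker-controlled, a match is useful for clustering samples, not for dating them.

```python
import hashlib
import struct
from datetime import datetime, timezone

# MD5 values quoted in the article for the two ATMii modules.
ATMII_MD5 = {
    "3fddbf20b41e335b6b1615536b8e1292": "exe.exe (injector)",
    "dc42ed8e1de55185c9240f33863a6aa4": "dll.dll (injected module)",
}
# Compilation timestamp the article reports for the injector.
REPORTED_BUILD = datetime(2013, 11, 1, 14, 33, 23, tzinfo=timezone.utc)


def pe_compile_time(data: bytes):
    """Return the COFF TimeDateStamp as a UTC datetime, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if pe_off + 12 > len(data) or data[pe_off:pe_off + 4] != b"PE\x00\x00":
        return None
    (stamp,) = struct.unpack_from("<I", data, pe_off + 8)  # TimeDateStamp
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def triage(data: bytes) -> dict:
    """Hash a file's bytes and compare hash and build time with the report."""
    md5 = hashlib.md5(data).hexdigest()
    built = pe_compile_time(data)
    return {
        "md5": md5,
        "known_module": ATMII_MD5.get(md5),
        "compile_time": built,
        "matches_reported_build": built == REPORTED_BUILD,
    }


def make_sample_header(when: datetime) -> bytes:
    """Constructed input: bare DOS header, PE signature and COFF header only."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, int(when.timestamp()), 0, 0, 0, 0)
    return dos + b"PE\x00\x00" + coff


if __name__ == "__main__":
    print(triage(make_sample_header(REPORTED_BUILD)))
```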

Another interesting fact identified by Zykov is that the malware strain supports three commands to carry out its malicious operations. The Scan command scans the ATM’s cash cassettes to get the complete list of bills stored in the machine at the time of the attack. Through the Disp command, attackers can dispense as much cash as they need, and with the Die command, attackers can instruct the malware to remove itself.

Source: Kaspersky
