Trend Micro researchers have discovered a malware listing on a Dark Web marketplace that lets attackers steal from Bitcoin ATMs. By attacking the ATMs, they can easily rake in cryptocurrency worth 6,750 in Euros, Pounds or Dollars. The listing was apparently created on June 25, 2018, and carries a whopping price tag of $25,000.
Bitcoin ATMs are basically terminals that allow users to initiate syncing with cryptocurrency exchanges for transferring crypto to digital wallets. Their mobile numbers and ID cards are used to verify their identity.
Buyers of Bitcoin ATM malware also get a ready-to-use card. This card is already equipped with EMV and NFC capabilities. Additionally, it comes with a multi-lingual guide and Jabber-based 24/6 customer support service facility.
In a blog post published by Trend Micro, it was revealed that the malware exploits a “service vulnerability” to attack ATMs, and the attacker doesn’t need physical access to the machine.
Senior threat researcher and author of the blog post, Fernando Merces, claims that this discovery isn’t surprising at all, given the enormous popularity of “real-world” cryptocurrency use. That popularity has lured scammers and hackers towards it. After all, cybercriminals are always looking to exploit money-making methods, so targeting Bitcoin ATMs should have been on their to-do list.
As per Trend Micro’s analysis, the listing has around 100 reviews, which indicates that the seller has already made a lot of money. The seller has other posts where regular ATM malware is up for sale. This malware has also been developed to be compatible with EMV standards and is offered alongside the GozNym 2.0 banking Trojan and compromised commercial accounts.
In one of the threads about the regular ATM malware, the seller explains to a buyer that once the malware is loaded, the ATM switches to engineer maintenance mode. This disconnects the machine from all networks and also disables the arm, so the attacker can easily withdraw funds.