Tyupkin malware spotted by Kaspersky in over 50 Eastern European cash machines before spreading worldwide
Customers will no longer need to look over their shoulder for the most worrying threat when using a cash point following the news that cybercriminals have developed a way to hack into and empty ATM’s.
The Tyupkin malware was detected by online security firm Kaspersky as having infected cash machines at over 50 banks across Eastern Europe, netting millions for the criminals involved, and now looks to have also spread to the U.S., China and India.
Tyupkin infects cash machines running older 32-bit versions of the Windows operating system, and allows the criminals direct control of the machine, meaning they can tell it to dispense all of its cash. However, the exploit does need physical access to the machines so that the criminals can insert a bootable CD in order to install the malware, which becomes active when the machine is rebooted, locking down the machine for the criminal.
Users are prompted for a specific PIN key, which when correctly entered shows information on how much money is present in each machine cassette, with a maximum of 40 notes available to withdraw each time.
In order to avoid detection, the malware has also been designed to only be active at certain times during the night, meaning it avoids other busier periods.
“Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software,” Vicente Diaz, principal security researcher at Kaspersky Lab, said. “Now we are seeing the natural evolution of this threat with cyber-criminals moving up the chain and targeting financial institutions directly.
“Our recommendations for the banks is to review the physical security of their ATMs and consider investing in quality security solutions.”
The discovery of this malware, although small in scale at this point, does mean that many European banks will need to evaluate the need to tighten the security around their cash points, according to Jean Taggart, senior security researcher at Malwarebytes.
“The larger issue is that the banks still do risk analysis and fraud budgets to evaluate if the problem needs immediate attention, rather than addressing the problem from the get go,” he added.
A similar malware variant, which allowed criminals to control infected ATMs via remote text message, was detected earlier this year by security firm Symantec. Cash machines have become an increasingly popular target for attack from cybercriminals in recent years, particularly following the news that almost 95 percent of ATMs continue to run on Windows XP.
Are you a security pro? Try our quiz!