akkiliON (Active Members) Posted October 8, 2014

Money is always a perfect motivation for cyber criminals who try different tricks to solely target users with card skimmers that steal debit card numbers, but now the criminals are using specialized malware that targets ATM (Automated Teller Machine) systems to withdraw cash even without the need of a card.

The new backdoor program, dubbed as “Tyupkin,” requires physical access to the ATM system running 32-bit Windows platforms and booting it off of a CD in order to install the malware. According to the researchers, the threat has continued to evolve in recent months, infecting ATMs in Asia, Europe, and Latin America.

There are no details relating to the criminal gang behind the attacks, but they have already stolen "millions of dollars" from ATMs worldwide using the sophisticated malware, security firms Kaspersky and Interpol, who are working together in an attempt to foil the criminal gang, said in a joint statement released on Tuesday.

"Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software," said Vicente Diaz, principal security researcher at Kaspersky Lab.

"Now we are seeing the natural evolution of this threat with cybercriminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs themselves or launching direct Advanced Persistent Threat (APT)-style attacks against banks. The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure."

HOW TYUPKIN ATTACK WORKS

In order to install the malicious backdoor, money mules need to physically insert a bootable CD which installs the malware.

Once the machine is rebooted, the ATM is under the control of the criminal gang. The sophisticated malware then runs in the background on an infinite loop awaiting a command from the attacker’s side.

However, the malware will only accept commands at specific times – in this case on Sunday and Monday nights – making it harder to detect.

Furthermore, a unique combination key based on random numbers is generated – so that the possibility of a member of the public accidentally entering a code can be avoided. This key code needs to be entered before the main menu is shown.

"The malicious operator receives instructions by phone from another member of the gang who knows the algorithm and is able to generate a session key based on the number shown," Kaspersky stated in its release. "This ensures that the mules collecting the cash do not try to go it alone."

When this session key is entered correctly, the ATM displays details of how much money is available in each cash cassette, inviting the operator to choose which cassette to steal from, and the number of available banknotes – the ATM dispenses a maximum of 40 at a time from the chosen cassette.

COUNTRIES AFFECTED BY TYUPKIN

During the investigation, the researchers found more than 50 ATMs from banking institutions throughout Eastern Europe, and most of the Tyupkin submissions came from Russia. The malware appears to have since spread to the United States, India, China, Israel, France and Malaysia.

The scam has even been caught on video, as many of the ATMs have cameras, so you can also have a look at the video provided below. Kaspersky has informed law enforcement about the issue and also alerted banks and the financial sectors of the steps needed to prevent this type of attack.

Source: Tyupkin Malware Hacking ATM Machines Worldwide

Aerosol Posted October 10, 2014
How do they infect the ATM? Here's how: it was installed manually from an optical disc by some criminals who somehow managed to obtain full physical access to the system.
d4rkm4nx Posted October 11, 2014
Well, that means they had an accomplice: the bank clerk, or the guy who comes to refill the ATM.
MadAgent Posted October 11, 2014
Unfortunately, some ATMs have a USB port on the front (some under the keypad). You can take off the keypad and insert a stick with autorun, or if autorun is disabled but it has the default admin code, you can find a way to run...
Off-topic: Two-bit technologies are adopted for payments only because people have been taught (deliberately by the "system", or swept along by the wave of technologization) to use them, and they have too little information to realize what they are exposing themselves to.
Aerosol Posted October 11, 2014
> Well, that means they had an accomplice: the bank clerk, or the guy who comes to refill the ATM.
@MadAgent this USB thing is dodgy, because it's like that everywhere, not only in Romania...
d4rkm4nx Posted October 11, 2014
So are these people really that stupid?! To allow everyone access under the keypad from the outside.... in other words, the design engineer was mentally retarded, or maybe he didn't foresee that after a while people would be poking around under the keyboard.
MadAgent Posted October 11, 2014
> So are these people really that stupid?! To allow everyone access under the keypad from the outside.... in other words, the design engineer was mentally retarded, or maybe he didn't foresee that after a while people would be poking around under the keyboard.
Compromises... maybe he figured that, for troubleshooting, there won't be room behind the ATM (e.g. ATMs in shops, which are common abroad) for a laptop or other equipment (or, so as not to take the whole hulk apart, there are ATMs that open from the front - http://www.extremetech.com/wp-content/uploads/2013/12/Two_Loomis_Employees_Refilling_an_ATM_at_the_Downtown_Seattle_REI.jpg).
akkiliON (Active Members, Author) Posted October 13, 2014
wildchild Posted October 13, 2014
Your bank's ATM still runs on Windows XP and you're surprised that it's vulnerable? Jesus.....
vas92gsm Posted October 14, 2014
I had the chance to work inside two banks, Barclays and JP Morgan UK, and when the guys came to install the ATMs, surprise: they were running Windows XP. I asked one of them why they don't use Linux and they gave me a "nice" answer: security on Linux is rock-bottom. Sorry for the off-topic.