ATMii Malware can make ATMs drain available cash


Security researchers from Kaspersky have detected a new ATM malware called ATMii that targets only ATMs operating on Microsoft Windows 7 and Windows Vista.

The malware was first detected in April 2017, when one of the affected banks shared it with Kaspersky security researchers. It consists of two files, exe.exe and dll.dll. To install ATMii, the attacker needs direct access to the target ATM, either over the network or physically.

According to Kaspersky:
“ATMii was first brought to our attention in April 2017, when a partner from the financial industry shared some samples with us. The malware turned out to be fairly straightforward, consisting of only two modules: an injector module (exe.exe, 3fddbf20b41e335b6b1615536b8e1292) and the module to be injected (dll.dll, dc42ed8e1de55185c9240f33863a6aa4). To use this malware, criminals need direct access to the target ATM, either over the network or physically (e.g. over USB). ATMii, if it is successful, allows criminals to dispense all the cash from the ATM.”

ATMii is yet another instance of how crooks can use legitimate proprietary libraries and a small piece of code to drain cash from an ATM. Some appropriate countermeasures against such attacks are default-deny policies and device control.
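The following is an added example, not code from Kaspersky or from the original article, contrasting an indicator blocklist with the default-deny policy named above. Only the two MD5 values come from the page; the sample byte strings, the allowlist and all function names are constructed for illustration.

```python
import hashlib

# MD5 values of the two ATMii modules as quoted from Kaspersky on this page.
ATMII_MD5 = {
    "3fddbf20b41e335b6b1615536b8e1292",  # exe.exe (injector module)
    "dc42ed8e1de55185c9240f33863a6aa4",  # dll.dll (injected module)
}

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def blocklist_verdict(data: bytes, blocklist: set) -> str:
    """Default-allow: deny only byte-identical copies of known samples."""
    return "deny" if md5_hex(data) in blocklist else "allow"

def default_deny_verdict(data: bytes, allowlist: set) -> str:
    """Default-deny: allow only binaries whose SHA-256 was approved in advance."""
    return "allow" if sha256_hex(data) in allowlist else "deny"

# Constructed stand-ins for file contents (not real binaries or malware).
ATM_APP = b"constructed: approved ATM vendor application"
UNKNOWN_TOOL = b"constructed: unapproved binary copied to the ATM"
REBUILT_TOOL = UNKNOWN_TOOL + b"\x00"  # same tool, one byte changed

# Blocklist = page indicators plus the one constructed sample already "seen".
BLOCKLIST = ATMII_MD5 | {md5_hex(UNKNOWN_TOOL)}
# Allowlist = only what the ATM is supposed to run.
ALLOWLIST = {sha256_hex(ATM_APP)}

def evaluate() -> dict:
    """Return {name: (blocklist verdict, default-deny verdict)} per sample."""
    samples = {
        "atm_app": ATM_APP,
        "unknown_tool": UNKNOWN_TOOL,
        "rebuilt_tool": REBUILT_TOOL,
    }
    return {
        name: (blocklist_verdict(data, BLOCKLIST),
               default_deny_verdict(data, ALLOWLIST))
        for name, data in samples.items()
    }

if __name__ == "__main__":
    for name, (block, deny) in evaluate().items():
        print(f"{name:13} blocklist={block:5} default-deny={deny}")
```

The rebuilt sample passes the hash blocklist because a single changed byte gives a new MD5, while the default-deny policy rejects it without needing any indicator for it.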

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]