Eight arrested over ATM-emptying malware

By on
Eight arrested over ATM-emptying malware

Infected machines hand out 40 notes at a time.

Europol says it has arrested eight members of alleged international cybercrime group believed to be behind a strain of malware used to empty ATMs of their cash.

Using malware dubbed Tyupkin, the suspects were allegedly able to empty cash from ATM machines on demand following the successful installation of a trojan.

Called 'ATM jackpotting', the exploit allowed attackers to empty infected machines by issuing commands via the machine's pin pad.

The malware was identified in 2014 by Kaspersky Lab following a request from a financial institution to investigate multiple attacks in eastern Europe.

At the time of the investigation, Kaspersky reported that it had found the malware on more than 50 ATMs at banks in eastern Europe, but based on listings at VirusTotal, it was convinced that the virus had been deployed in the US, India, China, Russia, Israel, France and Malaysia.

SC Magazine reported in March 2015 that the Russian Ministry of Internal Affairs had made the identification of the Tyupkin malware gang a priority as they targeted an increasing number of ATMs in the country.

Kaspersky said that the attackers were able to install the malware via a bootable CD after gaining physical access to the PC inside the cash dispenser.

The malware enabled users to check the amount of cash in each cash cassette in the machine and dispense up to 40 notes at a time. It also had its own security built in by requiring the user to enter a session key based on a random seed and a secret algorithm before it would accept any commands.

The criminal investigation was conducted by Romanian National Police and the Directorate for Investigating Organised Crimes and Terrorism (DIICOT), assisted by Europol, Eurojust and other European law enforcement authorities.

Wil van Gemert, Europol's Deputy Director Operations, said "over the last few years we have seen a major increase in ATM attacks using malicious software. The sophisticated cybercrime aspect of these cases illustrates how offenders are constantly identifying new ways to evolve their methodologies to commit crimes".

Suspects were arrested in their homes across Romania and the Republic of Moldova.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
atm cybercrime europe malware security

Most Read Articles

Aussie Broadband signs 2300 users to cheaper gigabit NBN plans

Aussie Broadband signs 2300 users to cheaper gigabit NBN plans
NBN Co limits gigabit services to just 7 percent of HFC footprint

NBN Co limits gigabit services to just 7 percent of HFC footprint
Aussie Broadband to let business customers self-serve NBN, value-adds

Aussie Broadband to let business customers self-serve NBN, value-adds
NBN Co quotes at least 1200 customers on a switch to full fibre

NBN Co quotes at least 1200 customers on a switch to full fibre
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Why is DevSecOps important to your business?
Why is DevSecOps important to your business?
Architecting Hybrid IT & Edge for Digital Advantage
Architecting Hybrid IT & Edge for Digital Advantage
Organizations Increasing Their Adoption of NFV
Organizations Increasing Their Adoption of NFV
Modernise IT by Reducing Your Reliance on AD
Modernise IT by Reducing Your Reliance on AD
The Maturity of Zero Trust in Australia and New Zealand
The Maturity of Zero Trust in Australia and New Zealand

Events

Log In

Username / Email:
Password:
  |  Forgot your password?