iTnews
  • Home
  • News
  • Technology
  • Security

Malware detected that allows a hacker full control over an ATM

By Dan Raywood on Jun 5, 2009 11:39AM

Advanced malware that allows full control over an ATM through a customised user interface has been detected.

An investigation by Trustwave's SpiderLabs performed an analysis of malware found installed on compromised ATMs in Eastern Europe. It found that the malware is able to capture magnetic stripe data and PIN codes from the private memory space of transaction-processing applications installed on a compromised ATM.

 

It revealed that the interface is accessible by inserting controller cards into the ATM's card reader. Analysts at SpiderLabs do not believe that the malware includes networking functionality that would allow it to send harvested data to other remote locations via the internet.

However they do believe that the malware allows for the output of harvested card data via the ATM's receipt printer or by writing the data to an electronic storage device (possibly using the ATM's card reader).

The analysts also discovered code that indicates that the malware could eject the cash dispensing cassette. They believe that what was identified was a relatively early version of the malware, and that subsequent versions have seen significant additions to its functionality.

Trustwave claimed that the malware is installed and activated through a dropper file by the name of isadmin.exe, and that the binary contains a data resource named ‘packageinfo' which in turn contains the actual malware.

 

Once active, the malware intercepts ATM transactions by injecting code into targeted processes through the binary modification of these processes in memory. The first process targeted by the malware appears to be a system-messaging utility, while the other is a form of ATM software service.

 

Once it resides in the memory, the malware polls the transaction message queue looking for track 2 data from the current transaction. It can then perform a level of validation and manipulation against this track data to determine whether the transaction is the attacker's trigger or controller card or a valid transaction involving track data that the malware collects by recording it in a file.

 

Trustwave said: “Given the impact this malware can have on an infected ATM environment, Trustwave highly recommends all financial institutions with ATMs under management perform analysis of their environment to identify if this malware or similar malware is present.

 
See original article on scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
atmcustomisedhackerinterfacemalwaresecurityuser

Partner Content

Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Promoted Content Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations
Why rethinking your CMS is crucial for customer retention
Promoted Content Why rethinking your CMS is crucial for customer retention
Security: Understanding the fundamentals of governance, risk & compliance
Promoted Content Security: Understanding the fundamentals of governance, risk & compliance

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

  • Micro Focus Information Management & Governance (IM&G) Forum 2022
  • CRN Channel Meets: CyberSecurity Live Event
  • IoT Insights: Secure By Design for manufacturing
  • Cyber Security for Government Summit
  • Forrester Technology & Innovation Asia Pacific 2022
By Dan Raywood
Jun 5 2009
11:39AM
0 Comments

Related Articles

  • Crypto crash threatens North Korea's stolen funds
  • Global police operation takes down Flubot infrastructure
  • VMware, F5, Log4j added to EnemyBot attack targets
  • Google adds phishing protection to Workspace apps
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Qantas calls time on IBM, Fujitsu in tech modernisation

Qantas calls time on IBM, Fujitsu in tech modernisation
Researchers hacked Oracle servers to demo serious vulnerability

Researchers hacked Oracle servers to demo serious vulnerability
PayTo rollout kicks off

PayTo rollout kicks off
Australian scientists build world's first quantum computer IC

Australian scientists build world's first quantum computer IC

Digital Nation

IBM global chief data officer on the rise of the number crunchers
IBM global chief data officer on the rise of the number crunchers
Crypto experts optimistic about future of Bitcoin: Block
Crypto experts optimistic about future of Bitcoin: Block
COVER STORY: Operationalising net zero through the power of IoT
COVER STORY: Operationalising net zero through the power of IoT
Integrity, ethics and board decisions in the digital age
Integrity, ethics and board decisions in the digital age
The security threat of quantum computing
The security threat of quantum computing
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.