
In the past, criminals used card skimmers to steal debit card numbers and then stole the debit cards to get money. Now, with advances in technology, they use specialized malware to withdraw cash without using a card.
This malware, detected by Kaspersky Lab as Backdoor.MSIL.Tyupkin, affects ATMs running 32-bit Microsoft Windows platforms. Criminals use a bootable CD to install the malware. It is only active at a specific time on Sunday and Monday nights. Without inserting a card, they type a combination of numbers to get a unique random number. They then need a session key, which is generated for every session based on that random number (without this key nobody can interact with the infected ATM). They get the session key over the phone from another person who knows the algorithm and can generate the session key from the number shown. After the session key is entered correctly, the ATM displays how much money is available in each cash cassette. They then choose the cassette to rob, and the ATM dispenses 40 banknotes from the selected cassette.

Display of an infected ATM after the correct session key is entered


