
Kaspersky Says Tyupkin Malware Is Used to Steal from ATM Machines

by GH Staff

Just a week ago, Kaspersky stated that criminals are infecting ATM machines with the Tyupkin malware in order to steal millions of dollars from banks around the world.

Around 50 ATM machines have been robbed in the eastern part of Europe, and the robbers have also attacked other countries such as India, China and the U.S., according to a report gathered by Google's VirusTotal.

A forensic investigation of the attacks found that the crooks first need physical access to the automated teller machines so that they can install the malware from bootable CDs. Once the installation completes, the system is rebooted, and the infected ATM is then under the control of the Tyupkin malware, which runs in an infinite loop waiting for the crooks' next command.

According to Kaspersky, the criminals appear to have carefully planned the robbing of ATM machines in different parts of the world, because the scam is very difficult for the authorities to spot. The Tyupkin malware accepts commands only at specific times of the night, and only from Sunday to Monday. During the hours specified by the crooks, they are able to take a lot of money from the infected ATM machine.

When a member of the gang drops by the infected ATM machine, he sees a special combination of digits on the screen, which he passes on to another crook over the phone. This contact person knows the algorithm required to produce a session key. Once the key is entered into the machine, the ATM shows how much money is in each cash cassette and allows the operator to pick one. After the crook makes a choice, 40 notes are dispensed.

Kaspersky Principal Security Researcher Vicente Diaz believes that the crooks may have a connection to a person working in the bank being robbed.

Kaspersky Lab says that banks should review the physical security of their ATM machines, given that the crooks using the Tyupkin malware to rob them seem to be continuing their operations. If possible, banks should change their BIOS passwords and make sure that the machines have the most effective antivirus installed to protect their systems.