This is the new ‘malware’ capable of extracting cash from ATMs


  • Kaspersky warns that ATMs continue to be “very lucrative” for crooks.
  • The latest one detected was sold on the ‘darkweb’ market AlphaBay.
  • These tools are able to infect the PC that runs the ATM.
  • They are sold in ‘kits’, even with tutorials on how to use them.


The cybersecurity company Kaspersky Lab has detected malware specialized in infecting the PCs used to operate automated teller machines (ATMs). This virus was for sale on the ‘darkweb’ market AlphaBay, along with a full tutorial with instructions to make it work.

In a statement, the Russian firm warned that ATMs continue to be “very lucrative” for criminals, because infecting these devices with malware makes it easier to manipulate the cash from the inside.

Although these malicious tools have been in circulation for some time, Kaspersky Lab stated that their creators are investing “a number of resources” in putting this malware within reach of other criminals who are less familiar with computer technology.

Thus, at the beginning of this year the cybersecurity company detected, through one of its partners, a previously unknown piece of malware that had presumably been built to infect the PC that an ATM relies on to perform its function.

The Russian firm's analysts found on AlphaBay, a very popular ‘darkweb’ site, an ad describing a type of ATM malware that matched the item they were looking for. The ad revealed that this virus belonged to a commercial malware ‘kit’ created to steal the money stored in the ATM.

A public post by the seller contained not only a description of the malware and instructions on how to obtain it, “but also offered a detailed guide on how the ‘kit’ should be used to carry out attacks, with instructions and even video tutorials”.

A malware that consists of multiple ‘parts’

According to the research, the malware set is made up of three components: the Cutlet Maker software, which serves as the main module responsible for communicating with the cash dispenser; the c0decalc program, designed to generate the passwords that make Cutlet Maker work and that protect it from unauthorized use; and the Stimulator application, which saves the criminals time by identifying the status of the cash cassettes (the containers that hold the cash) and which of them hold the most money.

To begin stealing, the criminals need direct access to the inside of the ATM so that they can connect a USB device carrying the software. As a first step, the criminals install Cutlet Maker. Because it is password protected, they use the c0decalc program, installed on another device.

This key is a kind of copyright protection, added by the authors of Cutlet Maker to prevent other criminals from using it free of charge. Once the code is generated, the criminals enter it in the Cutlet Maker interface and start the extraction of funds.

Cutlet Maker has been on the market since March 27, although according to Kaspersky Lab its analysts had already begun tracking it in June 2016, when it was identified on a public multi-scanner service from Ukraine; new cases later arrived from other countries.

It is unknown whether the malware had been used previously, but the instructions included in the ‘kit’ contained videos that its authors presented as evidence of its effectiveness. It is not known who is behind this malware, but the language, grammar, and style errors in the ‘kit’ texts suggest that its potential vendors are people whose native language is not English.

Konstantin Zykov, principal security analyst at Kaspersky Lab, explained that Cutlet Maker does not require the criminal to have advanced or professional computer knowledge, which allows the hacking of an ATM to “go from being a sophisticated offensive operation to just another illegal way to steal money, within the reach of practically anyone who has a few thousand dollars to buy the malware”.

In that sense, Zykov added that it is “a potentially very dangerous threat to financial institutions”, since while it operates, this program encounters no security element that prevents it from doing so.

To protect ATMs, Kaspersky Lab specialists recommend that organizations' security teams implement a “very strict” default-deny policy, enable control mechanisms that restrict the connection of any unauthorized device to the ATM, and use a dedicated security solution.
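The two controls recommended above, default deny and device control, can be pictured as a single decision function that refuses anything not explicitly listed. The following is an added illustration, not code from Kaspersky Lab or from the original article; the event format, the device identifiers and the file contents are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass

# Constructed policy data: every identifier below is a made-up sample.
ALLOWED_DEVICES = {("aaaa", "0001", "SN-PINPAD-0001"),
                   ("bbbb", "0002", "SN-DISPENSER-0001")}
ALLOWED_BINARIES = {hashlib.sha256(b"constructed ATM application image").hexdigest()}

@dataclass(frozen=True)
class Event:
    kind: str      # "device_connect" or "process_start" (hypothetical event names)
    detail: tuple  # (vid, pid, serial) for devices, (path, file_bytes) for processes

def decide(event):
    """Return (allowed, reason). Anything not explicitly listed is refused."""
    if event.kind == "device_connect":
        vid, pid, serial = event.detail
        if (vid.lower(), pid.lower(), serial) in ALLOWED_DEVICES:
            return True, "device on allowlist"
        return False, f"unauthorized device {vid}:{pid} serial={serial!r}"
    if event.kind == "process_start":
        path, data = event.detail
        digest = hashlib.sha256(data).hexdigest()
        if digest in ALLOWED_BINARIES:
            return True, "binary hash on allowlist"
        return False, f"unlisted binary {path} sha256={digest[:16]}..."
    # Default deny also covers event types the policy does not know about.
    return False, f"unknown event type {event.kind!r}"

def audit(events):
    """Return the denied events with their reasons, e.g. to raise alerts."""
    return [(e, reason) for e in events for ok, reason in [decide(e)] if not ok]

# Constructed sample events: one listed and one unlisted device,
# one listed and one unlisted program, and one unknown event type.
SAMPLE_EVENTS = [
    Event("device_connect", ("AAAA", "0001", "SN-PINPAD-0001")),
    Event("device_connect", ("cccc", "0003", "SN-UNKNOWN-STICK")),
    Event("process_start", ("atm_app.exe", b"constructed ATM application image")),
    Event("process_start", ("E:\\tool.exe", b"constructed unknown program")),
    Event("firmware_update", ()),
]

if __name__ == "__main__":
    for ev, why in audit(SAMPLE_EVENTS):
        print("DENY", ev.kind, "-", why)
```

Under such a policy, both the unlisted USB device and the unlisted program carried on it are refused, which matches the attack sequence described in the article.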


Source: english  
November 5, 2017
