Texting ATMs for Cash Shows Cybercriminals’ Increasing SophisticationMarch 25, 2014 – 6:31 PM
There is a growing chorus of voices calling for businesses and home users to upgrade existing Windows XP installations to newer versions of Windows, if not for the features, then at least for the improved security and support. ATMs are basically computers that control access to cash, and as it turns out, almost 95 percent of them run on versions of Windows XP. With the looming end-of-life for Windows XP slated for April 8, 2014, the banking industry is facing a serious risk of cyberattacks aimed at their ATM fleet. This risk is not hypothetical — it is already happening. Cybercriminals are targeting ATMs with increasingly sophisticated techniques.
In late 2013, we blogged about new ATM malware in Mexico, which could let attackers force ATMs to spew cash on demand using an external keyboard. That threat was named Backdoor.Ploutus. Some weeks later, we discovered a new variant which showed that the malware had evolved into a modular architecture. The new variant was also localized into the English language, suggesting that the malware author was expanding their franchise to other countries. The new variant was identified as Backdoor.Ploutus.B (referred to as Ploutus throughout this blog).
What was interesting about this variant of Ploutus was that it allowed cybercriminals to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible but this technique is being used in a number of places across the world at this time.
In this blog, we will show you how this functionality works.