Friday, October 27, 2017

Dark Web Site Selling ATM Malware

Wapack Labs observed ATM malware being sold on a dark web site. The malware targets all models of Wincor Nixdorf ATMs. The website explains that the Wincor 200xe ATMs are the easiest cash machines to exploit. The malware currently costs $1500.00 in Bitcoin for the first month (beginning 15 October 2017). After the first month, the ‘registration’ fee will be doubled. $1500.00 buys one credit, which is valid for a one-time use on one ATM. To execute the attack, users must log in to their account on the website and receive a code (for one credit). The malware then shows the attacker the amount of cash in each money cassette inside the ATM. It then bypasses the normal ATM system processes, and the ATM dispenses all the bills in a desired cassette. The website also provides video links on its Tor site demonstrating the method to fraudulently withdraw money, along with a free 10-page step-by-step Word document which explains how to use the malware. This guide describes in detail the tools required, software instructions, and details referencing different types of ATMs. This includes how the ATMs operate and how to find the interior USB ports...

Wapack Labs has cataloged and reported on ATM malware in the past. An archive of related reporting can be found in the Red Sky Alliance portal.
  
WWW.WAPACKLABS.COM