A piece of malware targeting automated teller machines (ATMs) has an interface that looks like a slot machine, Kaspersky Lab reports. Dubbed WinPot, the malware was initially detected in March last year, targeting the ATMs of a popular vendor to make the devices automatically dispense all cash from their most valuable cassettes. Analysis of the malware has revealed a particular focus from the authors on designing the interface, to target the cash-out cassettes in an ATM.
Every cassette has a reel of its own numbered 1 to 4, with a button to dispense the cash and information on bank note value and the number of bank notes inside. Over the past year, Kaspersky Lab has observed multiple WinPot samples featuring minor modifications, such as a different packer or a changed time period during which the malware was programmed to work (the malware would silently stop operating if the system time does not fall within the preset period). Due to its nature, ATM cash-out malware will see only little change to its core functionality, Kaspersky notes.
However, cybercriminals will focus on tricking the ATM security systems and overcoming potential ATM limitations such as maximum notes per dispense. Thus, more modifications of the existing ATM malware are expected.
A new family of malware known as WinPot is using a slot machine-like interface to empty ATMs at targeted financial institutions. Kaspersky Lab first came across WinPot malware back in March. In their resulting analysis, Kaspersky Lab researchers observed that the creators of the malware had designed its interface to look like a slot machine. Intrigued by the threat, Kaspersky Lab decided to keep an eye on its development.
They witnessed the emergence of new samples with some minor modifications; for instance, one newer variant adjusted the time period during which the malware worked, while another came with a changed packer. It also arrives amid the growing variety of attacks involving ATM-based threats. Trend Micro disclosed that criminals were using network attacks to target ATMs instead of just physically breaking into them.
This tactical shift suggests that criminals are willing to invest more time and effort into conducting their ATM attacks. This revelation demonstrates how threat actors are expanding the reach of their ATM attacks. That being said, criminals must still obtain physical access to an ATM unit to perform a jackpotting operation successfully. Security teams should then broaden this control to cover all IT assets, including mobile devices.
David Bisson is an infosec news junkie and security journalist.
ATM/PoS Malware: How Dangerous Are They?
Researchers analyzed a new malware sample dubbed WinPot, which first appeared in underground forums in March. The cybercriminals behind the WinPot malware have worked hard on the interface to make it look like that of a slot machine, which is likely a reference to the popular term ATM-jackpotting.
While researchers from Kaspersky Lab were analyzing the WinPot sample, they observed more new samples with modifications. A seller of the malware has recently offered WinPot v. The mechanism looks similar to Cutlet Maker malware. The preferred way of protecting the ATM from this sort of threat is to have device control and process whitelisting software running on it.
ATM-jackpotting WinPot malware now features a slot machine interface.
Slot machine interface: each cassette has a reel of its own numbered 1 to 4, where 4 is the maximum number of cash-out cassettes in an ATM. Pressing the STOP button stops dispensing cash from the machine.
Modifications made to WinPot: the WinPot authors make modifications to the malware for the following reasons. New samples with new modifications are made in order to trick the ATM security systems. Modifications are made to find new methods to keep the money mules from abusing WinPot. Modifications are made to overcome potential ATM limitations and to improve the interface and error-handling routines.
Security researchers from Kaspersky observed the emergence of the WinPot malware, which first appeared in the underground markets in March. Threat actors designed the malware to automatically dispense cash from the valuable cassettes; researchers call it ATMPot.
Attackers designed a clear slot machine-like interface with cassettes numbered 1 to 4 and a button named SPIN; as soon as the SPIN button is pressed, the ATM starts dispensing cash from the associated cassette. The threat actors behind WinPot are constantly updating new samples with modifications to evade detection and to track the ATM machines. The malware is also available in underground markets for sale, and the price varies between — USD. Another seller advertised WinPot v.
The ATM cash-out malware mechanism remains the same, but the cybercriminals bring many new modifications.
Researchers from Kaspersky Labs have discovered a malware that hijacks ATMs and turns them into slot machines. You can even dispense cash from the infected machines as long as you win!
The WinPot malware was first spotted in forums in March last year. The hackers behind the WinPot malware developed the UI to look like a slot machine.
A visual interface is present with a spin button. WinPot commands a similar price tag as Cutlet Maker and is easily available in dark web forums. ATM machines have become prime targets for cybercriminals with not enough security measures being in place to protect them in many cases. The preferred way of protecting the ATM from this sort of threat is to have device control and process whitelisting software running on it.
ATM malware on the deep web
From remote administration and jackpotting to malware sold on the Darknet, attacks against ATMs have a long and storied history. And, much like other areas of cybercrime, attackers only refine and grow their skillset for infecting ATM systems from year to year. So what does the ATM landscape look like as of ?
After all, what is one of the primary motives driving cyber criminals? And ATMs are cash hubs—one successful attack can net you hundreds of thousands of dollars. In the past, even high-profile threat actors have made ATMs their prime target.
ATM robber WinPot: a slot machine instead of cutlets
However, attacking ATMs is a bit different from traditional financial-related threats, like phishing emails or spoofed websites. The resulting technical differences mean the attack methods differ from those used for traditional endpoints. ATMs also share several common characteristics that make them particularly vulnerable to attacks: Old software means unpatched vulnerabilities (ones criminals can exploit), and isolated areas make it easier for criminals to gain physical access to the internal ports of the motherboard.
This is especially typical for the old ATM machines located in many regions with low resources and no budgets for ATM upgrades. When combined, ATMs become not only a highly profitable target but an easy one. From to there has been a marked increase in ATM attacks, due to a few families being particularly active.
WinPot Malware Uses Slot Machine-Like Interface to Empty ATMs
To gain a closer look at ATM malware worldwide, we utilized the statistics processed by Kaspersky Security Network (KSN) over the course of the past three years globally. Russia has had a long history of threat actors targeting financial institutions. The overall increase in the number of devices affected can be attributed to both the reappearance of new ATM malware and the development of new families:
Overall, the total number of devices affected increased once again. ATMgot operates directly on the ATM using the dispenser to withdraw the maximum number of banknotes allowed; if it cannot do this, it will default to 20 notes. This malware also possesses anti-forensic techniques that allow it to delete traces of the infection from the ATMs, as well as some video files, which could potentially be used as part of video monitoring. The problem of cyberattacks is compounded by the use of outdated and unpatched systems.
The WinPot ATM jackpotting malware is evolving, as its authors look to solve the obstacles that get in their way. The latest is an effort to help ATM hackers, a. Thieves infect ATMs through physical access, i. The USB port is located on the back of the ATM, which the criminals get to by popping open a flange on the front that exposes a hole. The effect is a bit like hitting the jackpot on a slot machine, hence the nickname for this kind of strike. The attacks are usually mounted on standalone ATMs located outside on less-traveled streets, pharmacies, delis, liquor stores and so on, rather than bank ATMs which are likely to be better secured and covered with video recording.
A demo from the seller video shows how WinPot v. Presumably this is to help the thieves know which cassettes are the most valuable in the machine in order to better target their efforts. WinPot was first discovered in March of last year. One notable aspect — and the source of its name — is the fact that the crooks have gone above and beyond to make the interface look and feel a lot like a slot machine.
Below the SPIN button there is information about the cassette: the bank note value and the number of bank notes in the cassette. Since appearing in the underground markets, new WinPot samples have popped up, with minor modifications such as an updated time period during which the malware is programmed to work.
Other modifications seen over time include adding protectors to make each new sample unique, in order to trick ATM security systems; changes to overcome ATM limitations such as a limit on maximum notes allowed per dispense; protections against money mules abusing the malware; and updates to improve the interface and error-handling routines.
At the same time, the U.S. Secret Service issued a warning that these kinds of attacks were set to ramp up in the U.S.
Author: Tara Seals. February 19, pm.
The WinPot malware takes its cues from slot machines. It is therefore likely that WinPot will continue to update and flourish.