• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Cookie Policy (US)
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

As Windows XP Retirement looms, ATMs become more vulnerable to malware

Updated on Mar 26, 2014 by Guest Authors

We reported last week that Microsoft is scheduled to retire the legacy Windows XP platform on April 8. By that time, around 10 percent of millions of government computers will still run the old operating system.

Also, 95 percent of ATMs worldwide will remain stuck to Windows XP after the deadline, according to statistics. And there’s the rub. An improvised malware has been spotted by researchers from Symantec to be the culprit of an ongoing online banking heist. Dubbed Backdoor.Ploutus.B, the malware targets ATMs by enabling cybercriminals to send an SMS to the compromised machine and run away with the stolen cash.

How is it possible?

malware-atm

Criminals connect a mobile phone to the internal system of the ATM using a USB tethering system in order to remotely maneuver the machine through a shared Internet connection. When this is done, the Ploutus is installed on the machine and the phone is activated by a connectivity established with the ATM.

Criminals can then transmit command messages to the phone hidden inside the ATM, which works to identify incoming messages in required format and create a network packet out of that message to be forwarded to the ATM via the USB setup. There are two messages to be sent, the first serving to activate the phone and the second to allow the criminal to command pre-determined cash withdrawals.

The malware is nothing new, however. It started last year in Mexico, but operated in a rather bulky setup. An external keyboard needed to be attached to the ATM to extract cash. Backdoor.Ploutus has been upgraded into the English language, showing how cyber criminals have expanded the malware worldwide.

Still, this online bank theft is not unprecedented. Some years back, skimmers already were in action. It was not until December in 2009 when a skimmer device was found attached to a Citibank ATM in California. The malicious hardware was made to replace the mouth of an ATM to swipe confidential credit card data when it a user slipped it into the machine to withdraw cash. This was happening without the card owner knowing his card information was being electronically replicated.

As cyber crime never cease to evolve into their more complex forms, there must be something that the users, banking industry and authorities must do to address the threats. One is cyber-intelligence sharing between countries to detect the criminals at large. Implementation of full encryption will also help to prevent fraud and tampering of machines.

Disclosure: We might earn commission from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

DREO ChefMaker Combi Fryer Review – Experience Restaurant-Quality Meals

XGODY Sail1 Projector: A Comprehensive Review

Hoover SmartWash Pet Complete Automatic Carpet Cleaner: A Comprehensive Review

TORRAS COOLIFY 2S Neck Air Conditioner Review – A Revolution in Personal Comfort

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • DREO ChefMaker Combi Fryer Review – Experience Restaurant-Quality Meals
  • XGODY Sail1 Projector: A Comprehensive Review
  • Ryobi RY401180 40V HP Brushless 20″ Self-Propelled Mower Review: The Best-Selling Lawn Mower
  • Morus Zero Portable Clothes Dryer Review – A Compact Powerhouse in Laundry Technology

Copyright © 2023 ยท All Rights Reserved

Manage Cookie Consent
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional cookies Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}