We reported last week that Microsoft is scheduled to retire the legacy Windows XP platform on April 8. By that time, around 10 percent of millions of government computers will still run the old operating system.
Also, 95 percent of ATMs worldwide will remain stuck to Windows XP after the deadline, according to statistics. And there’s the rub. An improvised malware has been spotted by researchers from Symantec to be the culprit of an ongoing online banking heist. Dubbed Backdoor.Ploutus.B, the malware targets ATMs by enabling cybercriminals to send an SMS to the compromised machine and run away with the stolen cash.
How is it possible?
Criminals connect a mobile phone to the internal system of the ATM using a USB tethering system in order to remotely maneuver the machine through a shared Internet connection. When this is done, the Ploutus is installed on the machine and the phone is activated by a connectivity established with the ATM.
Criminals can then transmit command messages to the phone hidden inside the ATM, which works to identify incoming messages in required format and create a network packet out of that message to be forwarded to the ATM via the USB setup. There are two messages to be sent, the first serving to activate the phone and the second to allow the criminal to command pre-determined cash withdrawals.
The malware is nothing new, however. It started last year in Mexico, but operated in a rather bulky setup. An external keyboard needed to be attached to the ATM to extract cash. Backdoor.Ploutus has been upgraded into the English language, showing how cyber criminals have expanded the malware worldwide.
Still, this online bank theft is not unprecedented. Some years back, skimmers already were in action. It was not until December in 2009 when a skimmer device was found attached to a Citibank ATM in California. The malicious hardware was made to replace the mouth of an ATM to swipe confidential credit card data when it a user slipped it into the machine to withdraw cash. This was happening without the card owner knowing his card information was being electronically replicated.
As cyber crime never cease to evolve into their more complex forms, there must be something that the users, banking industry and authorities must do to address the threats. One is cyber-intelligence sharing between countries to detect the criminals at large. Implementation of full encryption will also help to prevent fraud and tampering of machines.
Leave a Reply