
TechWalls


As Windows XP Retirement looms, ATMs become more vulnerable to malware

Updated on Mar 26, 2014 by Guest Authors

We reported last week that Microsoft is scheduled to retire the legacy Windows XP platform on April 8. By that time, around 10 percent of the millions of government computers will still run the old operating system.

Also, 95 percent of ATMs worldwide will remain stuck on Windows XP after the deadline, according to statistics. And there's the rub. Researchers from Symantec have identified an improvised piece of malware as the culprit behind an ongoing online banking heist. Dubbed Backdoor.Ploutus.B, the malware targets ATMs by enabling cybercriminals to send an SMS to the compromised machine and run away with the stolen cash.

How is it possible?


Criminals connect a mobile phone to the internal system of the ATM using USB tethering so that they can control the machine remotely through a shared Internet connection. Once this is done, Ploutus is installed on the machine and the phone is activated by the connection established with the ATM.

Criminals can then transmit command messages to the phone hidden inside the ATM. The phone identifies incoming messages in the required format, builds a network packet out of each message and forwards it to the ATM via the USB setup. Two messages are sent: the first activates the phone and the second allows the criminal to command pre-determined cash withdrawals.

The malware is nothing new, however. It started last year in Mexico, but operated in a rather bulky setup: an external keyboard needed to be attached to the ATM to extract cash. Backdoor.Ploutus has since been upgraded to an English-language version, showing how cyber criminals have expanded the malware worldwide.

Still, this online bank theft is not unprecedented. Some years back, skimmers were already in action. It was not until December 2009 that a skimmer device was found attached to a Citibank ATM in California. The malicious hardware was made to replace the mouth of an ATM and swipe confidential credit card data when a user slipped the card into the machine to withdraw cash. This happened without the card owner knowing that the card information was being electronically replicated.

As cyber crime never ceases to evolve into more complex forms, users, the banking industry and authorities must do something to address the threats. One measure is cyber-intelligence sharing between countries to detect the criminals at large. Implementing full encryption will also help to prevent fraud and tampering with machines.
