ATM Jackpotting – Cutlet Maker Malware Spike Around the World to Spit the Cash From ATM

Researchers discovered a new track of ATM jackpotting attack through infamous ATM malware called “Cutlet Maker” which is now rapidly growing up around the world.

Cutlet Maker malware specially designed to spit the cash from an ATM machine without using a debit card and the malware initially attack ATM ‘s in Germany in 2017. In which attackers stole millions of dollars from various ATM centers.

The attack referred to as ATM jackpotting where attacker uses malware like Cutlet Maker or piece of hardware to trick the ATM by taking advantage of vulnerability or misconfiguration to ejecting the cash from an ATM.

GBHackers previously reported that the ATM malware like Cutlet Maker being advertising in the underground hacking forum to compromise the ATM machine by exploiting the vulnerabilities that reside in the ATM controller.

The price of the malware kit was 5000 USD at the time of research. It includes details such as the required equipment, targeted ATMs models, as well as tips and tricks for the malware’s operation. And part of a detailed manual for the toolkit was also provided.

 We reported several ATM malware attacks in the last two years including KoffieMaker that used by cybercriminals to steal money from ATM by connecting a laptop with the ATM machine cash dispenser, ATMJackpot that steal the data related to the cash dispenser, PIN pad, and card reader information.

Since then the first Cutlet Maker ATM malware attack spotted, now hackers continuously targeting other countries including U.S., Latin America, and Southeast Asia and it target the specific bank and ATM manufacturers. 

In another case, “Officials in Berlin said they had faced at least 36 jackpotting cases since spring 2018 and authorities have recorded 82 jackpotting attacks in Germany across different states in the past several years, resulting in several thousand Euro being stolen. They declined to name the specific malware used.”

According to Motherboard report  “It’s important to remember ATM jackpotting is not limited to a single bank or ATM manufacturer, though. It is likely the other attacks impacted banks other than Santander; those are simply the attacks our investigation identified.”

ATM jackpotting attack is familiar for very old, slow machines and the machine that didn’t get the proper security updates are the sources familiar with ATM attacks.

According to European Payment Terminal Crime Report for first half of 2019 “ATM malware and logical attacks against ATMs were down 43% (from 61 to 35) and all bar one of the reported ‘jackpotting’ attacks are believed to have been unsuccessful in Europe. Malware was used for 3 of the attack attempts and the remainder were ‘black box’ attacks.”

But other sources familiar with ATM attacks said jackpotting attacks are increasing in worldwide in this year.

In order to execute a jackpotting attack, hackers need to access to the internal components of the ATM. So, preventing that first physical attack on the ATM goes a long way toward preventing the jackpotting attack.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…

2 days ago

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…

2 days ago

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…

2 days ago

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…

2 days ago

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…

2 days ago

Russian APT Hackers Attacking Critical Infrastructure

Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals,…

2 days ago