Monday, November 4, 2024
HomeComputer SecurityATM Robber Malware Turns ATM into Slot Machine to Dispense Cash Automatically

ATM Robber Malware Turns ATM into Slot Machine to Dispense Cash Automatically

Published on

Malware protection

ATM hijacking malware dubbed WinPot turns the ATMs into a slot machine, which starts dispensing the cash based on SPIN button.

Security researchers from Kaspersky observed the emergence of the WinPot malware, the malware appeared first in the underground markets in March 2018.

Threat actors designed the malware to automatically dispense the cash automatically form the valuable cassettes, researchers call it as ATMPot.

- Advertisement - SIEM as a Service
WinPot

WinPot

Attackers designed a clear slot machine-like interface with cassette numbered between 1 to 4 and with a button named SPIN, as soon as the SPIN button is pressed the ATM starts dispensing cash associated with the cassette.

Along with the SPIN button, the interface contains another SCAN button that scans the ATM and update the slots. “We found WinPot to be an amusing and interesting ATM malware family, so we decided to keep a close eye on it”, reads secure list blog post.

The threat actors behind WinPot constantly updating the new samples with modification to evade detection and to track the ATM machines.

The malware also available in underground markets for sale and the price varies between 500 – 1000 USD. Another seller advertised WinPot v.3 along with demo videos and the unidentified called ShowMeMoney, researchers assume that is a new name of WinPot.

WinPot

The ATM cash-out malware mechanism remains the same, but the cybercriminals bring many new modifications.

  • To trick the ATM security systems.
  • To overcome potential ATM limitations.
  • To find ways to keep the money mules from abusing their malware.
  • To improve the interface and error-handling routines.

“We thus expect to see more modifications of the existing ATM malware. The preferred way of protecting the ATM from this sort of threat is to have device control and process whitelisting software running on it,” Kaspersky says.

Related Read

Bank Software Cheif Jailed For Finding a Way to withdraw $1M Free Cash From ATM

Malicious Hackers Steal Money From ATM by Connecting Laptop with ATM Cash Dispenser

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a...

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a...

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...