Friday, January 24, 2025
HomeSecurity NewsATMJackpot - New ATM Malware Steal Your Money From ATM using ATM...

ATMJackpot – New ATM Malware Steal Your Money From ATM using ATM Jackpotting Technique

Published on

SIEM as a Service

Follow Us on Google News

New ATM Malware called ATMJackpot that is capable of dispensing large amounts of cash from the ATM Machine using ATM Jackpotting method.

Previously discovered ATM Jackptting Malware compromise the ATM by installing the malicious software and sophisticated hardware to pull out the cash.

Based on the Binary, researchers discovered this ATM malware originated from Hong Kong as 28th March 2018.

A few Months before sophisticated ATM skimming called “Shimmers”  targeted chip-based credit and Debit cards to steal your entire card information form POS(Point-of-sale) terminal.

Also, Attackers inject an another ATM Malware called Ploutus.D inject into the ATM machine and performing various Task

This newly Spreading ATM malware has a smaller footprint with a kind of small simple graphical user interface.

a simple graphical user interface

This Malware interface contains hostname along with the service provider information such as cash dispenser, PIN pad, and card reader information.

How Does This ATM Malware Works 

This ATM Malware propagates via physical access by an attacker using USB and also spreading via a network by downloading the malware on to already-compromised ATM machines.

Initially, windows class name called ‘WIN’ registered by the ATMJackpot malware that leads to handle all the malware activities.

According to netskope,  After registering a window class, the malware creates the window, populates the options on the window, and initiates the connection with the XFS manager

Later ATMJackpot malware starts it monitoring an operation of the events from different service providers and finally execute commands.

It using  3 Different commands to perform its malicious operation in the targeted ATM

1.Malware reads the data from PIN pad asynchronously using WFSAsyncExecute API

Read data from PIN Pad

2.Malware has the functionality to dispense cash

Dispense cash

3.Malware also has the functionality to eject the card

Eject ATM card

You can Also check the  Advanced ATM Penetration Testing Methods that help prevent the ATM Based Attacks.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

Beware of Fake Captcha Verifications Spreading Lumma Malware

In January, Netskope Threat Labs uncovered a sophisticated global malware campaign leveraging fake CAPTCHA...

KEYPLUG Infrastructure Exposed: Server Configurations and TLS Certificates Revealed

In a recent technical investigation, researchers uncovered critical insights into the infrastructure linked to...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware

LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome...

North Korean Hackers Stolen $2.2 Billion From Crypto Platforms In 2024

Cryptocurrency hacking incidents in 2024 surged 21.07% YoY to $2.2 billion, with 303 breaches...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...