Tuesday, May 28, 2024

Malicious Hackers Steal Money From ATM by Connecting Laptop with ATM Cash Dispenser

The researchers discovered a dangerous black box attack tool called “KoffeyMaker” which is used by cybercriminals to steal money from ATM by connecting a laptop with the ATM machine cash dispenser.

An atm-based attack is discovered often around the world in the various form of operation by cybercriminals with sophisticated tools and they employing new tactics and techniques.

These incidents have been notified in European banks and they frequently reported in attacks since they were unclear how did this happen in their ATM.

After the detailed investigation was done by Kaspersky security research team confirmed that they were dealing with a black box attack.

Black box attack refers that cybercriminals opened the ATM and connect their laptop with the cash dispenser and simply leave the device inside.

This crime scene indicates that the “crime instrument” to be a laptop with ATM dispenser drivers and a patched KDIAG tool.

Later attacker gains the remote access through USB GPRS modem and they are using windows OS with XP, ME, or 7.

Cash out from ATM moments

Once everything goes well then cybercriminals returned to the ATM and pretending to normal ATM users in order to run the KDIAG tool by accomplished a remote connection with the laptop.

Later they provide an instructions to the dispenser to issue the cashout form ATM machine and they will retrieve the laptop on a later moment.

               ATM dispenser connected to a computer without the necessary drivers
According to Kaspersky, The whole operation could well be done solo, but the scheme whereby a “mule” handles the cash and ATM side, while a second “jackpotter” provides technical support for a share of the loot, is more common. 

Hardware encryption between ATM PC and its dispenser will be the better solution to prevent such attack but if it fails single ATM can spit out tens of thousands of dollars.

This attack is very similar to the earlier ATM based attack Cutlet Maker used by this new tool and Kaspersky Lab products detect as RiskTool.Win32.DIAGK.a and same tools used for various bank robbers.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Website

Latest articles

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...

Hackers Exploit WordPress Plugin to Steal Credit Card Data

Hackers have exploited an obscure WordPress plugin to inject malware into websites, specifically targeting...

Google Patches Chrome Zero-Day: Type Confusion in V8 JavaScript

Google has released a patch for a zero-day exploit in its Chrome browser.The...

Hackers Created Rogue VMs in Recent MITRE’s Cyber Attack

State-sponsored hackers recently exploited vulnerabilities in MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE).They...

Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program

In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles