Thursday, October 10, 2024
HomeComputer SecurityMalicious Hackers Steal Money From ATM by Connecting Laptop with ATM Cash...

Malicious Hackers Steal Money From ATM by Connecting Laptop with ATM Cash Dispenser

Published on

The researchers discovered a dangerous black box attack tool called “KoffeyMaker” which is used by cybercriminals to steal money from ATM by connecting a laptop with the ATM machine cash dispenser.

An atm-based attack is discovered often around the world in the various form of operation by cybercriminals with sophisticated tools and they employing new tactics and techniques.

These incidents have been notified in European banks and they frequently reported in attacks since they were unclear how did this happen in their ATM.

- Advertisement - EHA

After the detailed investigation was done by Kaspersky security research team confirmed that they were dealing with a black box attack.

Black box attack refers that cybercriminals opened the ATM and connect their laptop with the cash dispenser and simply leave the device inside.

This crime scene indicates that the “crime instrument” to be a laptop with ATM dispenser drivers and a patched KDIAG tool.

Later attacker gains the remote access through USB GPRS modem and they are using windows OS with XP, ME, or 7.

Cash out from ATM moments

Once everything goes well then cybercriminals returned to the ATM and pretending to normal ATM users in order to run the KDIAG tool by accomplished a remote connection with the laptop.

Later they provide an instructions to the dispenser to issue the cashout form ATM machine and they will retrieve the laptop on a later moment.

               ATM dispenser connected to a computer without the necessary drivers
According to Kaspersky, The whole operation could well be done solo, but the scheme whereby a “mule” handles the cash and ATM side, while a second “jackpotter” provides technical support for a share of the loot, is more common. 

Hardware encryption between ATM PC and its dispenser will be the better solution to prevent such attack but if it fails single ATM can spit out tens of thousands of dollars.

This attack is very similar to the earlier ATM based attack Cutlet Maker used by this new tool and Kaspersky Lab products detect as RiskTool.Win32.DIAGK.a and same tools used for various bank robbers.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Digital Wallets Bypassed To Allow Purchase With Stolen Cards

Digital wallets enable users to securely store their financial information on smart devices and...

Best SIEM Tools List For SOC Team – 2024

The Best SIEM tools for you will depend on your specific requirements, budget, and...

Europe’s Most Wanted Teenage Hacker Arrested

Julius “Zeekill” Kivimäki, once Europe's most wanted teenage hacker, has been arrested.Kivimäki, known for his involvement with the notorious Lizard Squad,...