Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from the company's customers.
Whenever customers deposited or purchased cryptocurrency via an ATM, the hackers siphoned off the funds.
General Bytes manufactures Bitcoin ATMs that are capable of purchasing and selling over 40 different cryptocurrencies, depending on the model.
The Bitcoin ATMs are controlled remotely by a CAS, which enables the following functions:-
The zero-day vulnerability has been present in the CAS software since version 20201208. On August 18th, General Bytes published a security advisory that outlined the following:-
“As part of the attacks, the company’s CAS was exposed to a zero-day vulnerability, which was exploited by the attacker.”
A URL call on a page of the CAS administrative interface allowed the attacker to create an admin user remotely. That page is the one used for the default installation on the server and for creating the first administrator account.
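The flaw class described above, a first-run setup page that still creates administrators after installation, shown beside a hardened handler. This is an added example, not General Bytes code: the page does not publish the CAS source, so `AdminStore`, the handler names and the sample requests are hypothetical, and the missing "already installed" check is an assumed root cause.

```python
import threading

class SetupAlreadyDone(Exception):
    """Raised when the first-run page is called on an installed server."""

class AdminStore:
    """Minimal in-memory stand-in for a server's admin table (hypothetical)."""
    def __init__(self):
        self._admins = {}
        self._lock = threading.Lock()

    def admins(self):
        return sorted(self._admins)

    def create_first_admin_vulnerable(self, username, password_hash):
        # Vulnerable pattern: the first-run handler never checks whether
        # installation already happened, so any later caller gets an admin.
        self._admins[username] = password_hash
        return username

    def create_first_admin_hardened(self, username, password_hash):
        # Hardened pattern: check-and-insert under one lock, so the page
        # works exactly once and two racing requests cannot both succeed.
        with self._lock:
            if self._admins:
                raise SetupAlreadyDone("first-run setup is closed")
            self._admins[username] = password_hash
            return username

def replay(handler_name, requests):
    """Feed constructed (username, hash) setup requests to one handler and
    return (accepted usernames, rejected usernames)."""
    store = AdminStore()
    handler = getattr(store, handler_name)
    accepted, rejected = [], []
    for username, pw_hash in requests:
        try:
            accepted.append(handler(username, pw_hash))
        except SetupAlreadyDone:
            rejected.append(username)
    return accepted, rejected

# Constructed sample: the operator's install, then a later unsolicited call.
SAMPLE = [("operator", "hash-placeholder-1"), ("late-caller", "hash-placeholder-2")]

if __name__ == "__main__":
    print(replay("create_first_admin_vulnerable", SAMPLE))
    print(replay("create_first_admin_hardened", SAMPLE))
```

The hardened handler ties the "setup is open" decision to server-side state rather than to which page the request arrives on, which is the property to verify when reviewing any installer endpoint.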
The threat actors scanned the internet for exposed servers running on any of the following TCP ports:-
Servers hosted at Digital Ocean, as well as those hosted on General Bytes' own cloud service, are included in this list.
By exploiting this bug, the threat actors then added a default admin user named 'gb' to the CAS. The hacker then modified the following things:-
General Bytes has recently issued two server patch releases, which customers need to apply to their servers before they can begin using their Bitcoin ATMs:-
Until then, security analysts have strongly urged users to not operate Bitcoin ATMs.
The recommendations are listed below:-