A newly discovered computer malware — Winpot — could be used by cybercriminals to automatically withdraw customers’ money from Automated Teller Machines, ATMs.
The discovery was made by the global cybersecurity firm Kapersky Lab, which warned that the malware was designed to look like slot machine and could be further modified this year by the fraudsters.
A modified Winpot Malware would trick ATM security systems by tricking into overcoming potential ATM limitations and keeping the money dispensing.
“IN MARCH 2018, WE CAME ACROSS A FAIRLY SIMPLE BUT EFFECTIVE PIECE OF MALWARE NAMED WINPOT. IT WAS CREATED TO MAKE ATMS BY A POPULAR ATM VENDOR TO AUTOMATICALLY DISPENSE ALL CASH FROM THEIR MOST VALUABLE CASSETTES. WE CALLED IT ATMPOT. THE CRIMINALS HAD CLEARLY SPENT SOME TIME ON THE INTERFACE TO MAKE IT LOOK LIKE THAT OF A SLOT MACHINE. LIKELY AS A REFERENCE TO THE POPULAR TERM ATM-JACKPOTTING, WHICH REFERS TO TECHNIQUES DESIGNED TO EMPTY ATMS.”
Describing how the malware is used, analysts at Kaspersky said, “In the WinPot case, each cassette has a reel of its own, numbered one to four (four is the maximum number of cash-out cassettes in an ATM) and a button labelled ‘spin’.
“AS SOON AS YOU PRESS THE SPIN BUTTON, THE ATM STARTS DISPENSING CASH FROM THE CORRESPONDING CASSETTE. DOWN FROM THE SPIN BUTTON, THERE IS INFORMATION ABOUT THE CASSETTE SUCH AS THE BANK NOTE VALUE AND THE NUMBER OF BANK NOTES IN THE CASSETTE. THE SCAN BUTTON RESCANS THE ATM AND UPDATES THE NUMBERS UNDER THE SLOT BUTTON, WHILE THE STOP BUTTON STOPS THE DISPENSING IN PROGRESS.”
In the meantime, the only way banks can protect their customers money from being stolen by the fraudsters is to “have a device control and process white-listing software running on it.” This would help to block the USB path used by the fraudsters to implant the malware into the ATM PC, as well as forestall the execution of any unauthorised software on it.” (Nairametrics)
