Jackpotting malware

Introduction

Jackpotting malware is not widely known because it targets automated teller machines (ATMs) exclusively, so it rarely affects a large number of people directly. It can, however, seriously damage the reputation and the finances of the banks that own the compromised ATMs.

For example, between February and November 2017, at least 10 jackpotting attacks were conducted in the German state of North Rhine-Westphalia. As a result of those attacks, hackers stole 1.4 million EUR (about $1.5 million).

Before examining jackpotting malware, we need to clarify the term. In simple words, it means malware that lets fraudsters make an ATM dispense cash on command, with no corresponding withdrawal recorded against any bank account: the malware drives the cash dispenser itself instead of going through an authorized transaction, so the bank's host systems never see the withdrawal.
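The definition above suggests the check a bank can run against it: every dispense the ATM's own electronic journal records should be explained by an authorization in the host's transaction log, and a run of unexplained dispenses on one machine is the cash-out pattern. The following Python script is an added example written for this article; it is not code from the original post, from the malware families discussed, or from any bank. The two log formats, the field names, the 60-second matching window and the burst threshold are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample records. Real journal and host formats differ by
# vendor and institution; the two line layouts below are assumptions.
ATM_JOURNAL = """\
2017-06-12T03:14:05 ATM-0421 DISPENSE 400
2017-06-12T03:20:11 ATM-0421 DISPENSE 2000
2017-06-12T03:20:40 ATM-0421 DISPENSE 2000
2017-06-12T03:21:09 ATM-0421 DISPENSE 2000
2017-06-12T09:02:33 ATM-0421 DISPENSE 100
"""
HOST_LOG = """\
2017-06-12T03:14:02 ATM-0421 AUTH 400 DE00000000000000000001
2017-06-12T09:02:30 ATM-0421 AUTH 100 DE00000000000000000002
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    atm_id: str
    amount: int  # whole currency units


def parse_events(text, kind):
    """Parse lines of the form '<ISO timestamp> <atm id> <KIND> <amount> ...'
    (assumed format) and keep only records of the requested kind."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, atm_id, rec_kind, amount = line.split()[:4]
        if rec_kind == kind:
            events.append(Event(datetime.fromisoformat(ts), atm_id, int(amount)))
    return events


def unmatched_dispenses(dispenses, auths, window=timedelta(seconds=60)):
    """Return every dispense that no host authorization accounts for.
    A match needs the same ATM, the same amount and a timestamp within
    `window`. Each authorization explains at most one dispense, so a
    dispenser replayed twice against one authorization is flagged too."""
    pending = sorted(auths, key=lambda e: e.ts)
    flagged = []
    for d in sorted(dispenses, key=lambda e: e.ts):
        for a in pending:
            if (a.atm_id == d.atm_id and a.amount == d.amount
                    and abs(a.ts - d.ts) <= window):
                pending.remove(a)
                break
        else:
            flagged.append(d)
    return flagged


def cashout_bursts(flagged, min_events=3, span=timedelta(minutes=10)):
    """Group unmatched dispenses per ATM and report any run of at least
    `min_events` inside `span`. Repeated back-to-back dispensing with no
    authorization behind it is the jackpotting signature; the value is
    the total dispensed in the first such run."""
    by_atm = defaultdict(list)
    for d in flagged:
        by_atm[d.atm_id].append(d)
    alerts = {}
    for atm_id, evs in by_atm.items():
        evs.sort(key=lambda e: e.ts)
        for i in range(len(evs)):
            run = [e for e in evs[i:] if e.ts - evs[i].ts <= span]
            if len(run) >= min_events:
                alerts[atm_id] = sum(e.amount for e in run)
                break
    return alerts


def analyse(journal_text=ATM_JOURNAL, host_text=HOST_LOG):
    """Reconcile one ATM journal against the host log; returns
    (unmatched dispenses, per-ATM burst alerts)."""
    flagged = unmatched_dispenses(parse_events(journal_text, "DISPENSE"),
                                  parse_events(host_text, "AUTH"))
    return flagged, cashout_bursts(flagged)


if __name__ == "__main__":
    unmatched, burst_alerts = analyse()
    for d in unmatched:
        print(f"unmatched dispense {d.atm_id} {d.ts.isoformat()} {d.amount}")
    for atm_id, total in burst_alerts.items():
        print(f"ALERT possible jackpotting on {atm_id}: "
              f"{total} dispensed without authorization")
```

On the sample data the two ordinary withdrawals (400 and 100) reconcile, while the three 2000 dispenses within a minute have no authorization and trigger a burst alert for 6000. In practice the same comparison runs in near real time so that a cassette is not emptied before anyone notices; the window and threshold need tuning to the clock skew and dispense rate of the actual fleet.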

In this article, we will examine two of the most widely known jackpotting malware families, Ploutus and Cutlet Maker. We will also look at how jackpotting malware operates and provide recommendations on how banks can protect against it.

Ploutus and Cutlet Maker

Ploutus was first discovered in Mexico in 2013. The first version had to be installed on the ATM by inserting a CD into the machine's CD-ROM drive. The 2014 version, Backdoor.Ploutus.B, was controlled through a mobile phone attached to the ATM by USB tethering: the phone received the attacker's commands as SMS messages and relayed them to the malware on the ATM, so the operator no longer needed to be at the machine to trigger a dispense.

In 2016, the creators of Ploutus released a new version called Ploutus-D. Ploutus-D is installed by gaining physical access to the top portion of the ATM, the cabinet that houses the ATM's computer rather than the safe holding the cash. Ploutus-D exists in various modifications that allow it to run on machines from 41 different ATM vendors in 80 countries. A representative of the security firm FireEye called Ploutus-D "one of the most advanced ATM malware families we've seen in the last few years."

Cutlet Maker

This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Dimov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/1cA1hH6av-Q/