ATMii worm allows you to steal money from ATMs

Image: William Grootonk , CC BY-SA 2.0

The SC Magazine publication told about the discovery of a new family of malicious software for ATMs, with the help of which attackers can steal all the money stored in them. The worm was named ATMii - its victims are devices based on Windows 7 and Vista.

ATMii activity was first reported in April 2017. Researchers from Kaspersky Lab, who discovered the malware, noted the simplicity of its device - the worm consists of only two modules: the first implements the second, which performs unauthorized actions. The injection module is a simple command line application in Visual C.
')
In order to infect an ATM, hackers need direct access to it - network or physical (via USB). After installing the worm from an ATM, you can steal all the funds stored in it.

In order to protect their ATMs, financial institutions should configure a ban on launching third-party code and disable the ability to work with flash drives.

Such attacks on ATMs are called logical - attackers who choose this method do not steal user bank card data, do not take an ATM in a pickup truck to saw it in a garage, and do not even blow it up. They transfer commands to the equipment of the ATM and, without causing him physical damage, start the process of issuing money.

On Thursday, October 19, at 14:00 , Positive Technologies information security researchers Vadim Soloviev and Yaroslav Babin will hold a free webinar, where they will talk about the current security level of ATM, discuss ways of getting control over the ATM system by attackers and analyze attack scripts using examples from their own experience in areas of ATM security analysis and investigation of information security incidents.

The webinar is intended for information security and IT professionals working in banks, as well as for vendors producing or supplying ATMs and their means of protection.

To participate in the webinar you need to register .