Hackers earn millions with this ATM cashout malware

Ethical hacking specialists from the security firm Kaspersky reported the discovery of a new malware variant used by hackers to infect ATMs and extract money with illicit transactions in Mexico and some South American territories, such as Colombia.

Kaspersky, which provides cybersecurity services and has an advanced research program, reported that, after performing an intensive scan, it identified the mode of operation of the malware, dubbed ATMJaDi. According to the firm's experts, the malware focuses on a clearly delimited set of ATMs, suggesting that one or more employees of banking institutions might be involved.

In their report, ethical hacking experts claim that the malware cannot be controlled via the ATM's keyboard or touch screen; instead, hackers must remotely send a series of specially designed commands to empty the ATM, a practice known as "jackpotting".

After completing its installation, the malware, in the form of a Java file, infects the machine and takes control using commands known by the ATM software. Finally, the malware concludes the infection by displaying the phrase “Libertad y Gloria” (Freedom and Glory) on the ATM's screen.

According to the ethical hacking specialists from the International Institute of Cyber Security (IICS), an intriguing detail about this malware is that it does not use standard systems such as XFS, JXFS or CSC, present at most ATMs. Instead, the malware was written in Java, something rare in such attacks; however, this technique had already been identified in previous jackpotting attacks in Latin America.

This method of attack suggests that the threat actors had extensive knowledge of their targets before deploying the malware to banking networks.

Finally, experts mentioned that the malware code was written in English, although it featured multiple markers and lures written in Russian to try to confuse researchers about the true origin of the attack; “This was obvious due to the misuse of Russian language used by hackers”, says Dmitry Bestuzhev, in charge of the investigation.
