I reported about various ATM hacks, in which hackers use cloned or theft cards at the door and loot the cash easily, but this time hackers found something different, they actually now able to loot cash without any of the ATM Card.

One of the security firm named Kaspersky Lab from Moscow reported about this new flaw of the ATM on its blog, explaining about the ATM scams on the rise worldwide.

Russia is at the No.1 in this ATM Scam and 2nd one is United States.

How hackers cracking the Machines?
Hackers able to get inside the ATM Machines by unlocking an ATM’s enclosure (By default master key,) and then infect the machine with a CD that contains a piece of malware known as Backdoor.MSIL.Tyupkin. After some days, attacker or Hacker returns to the ATM machine and use Tyupkin to dispense up to 40 bills without the need for verification.

Which ATMs are infected?
You can’t find out yourself manually, but the ATMs admin knows this for sure, as the virus able to infect machines running Windows 32-bit operating system. Furthermore, Tyupkin accepts commands only in the dead of night on certain days of the week, keeping the exploit well-hidden most of the time.

For a successful run of the program, he or she needs a special PIN, which is generated via an algorithm unique to the malware. After that, one can able to withdraw 40 bills at a time directly from the ATM: no user account required.

Are you affected by this Hack Attack on ATMs?
Nope, this is not possible, as the ATM is vulnerable, Not your account, so users who do use machines on daily basis no need to worry about the hack.

Banks can catch the hackers via security cameras, as the Attacker needs to be on the spot for installing or withdrawing the money. As banks not able to arrest every ATM user, so its time for banks to be more secure on their ATMs security.

Kaspersky Lab suggests that banks change the locks on their ATM enclosures, since criminals often have master keys, and install physical alarms to go off when an ATM enclosure is opened. Banks that don’t tighten their security could find their oversights very costly.



This site uses Akismet to reduce spam. Learn how your comment data is processed.