Kaspersky Lab identifies malware used to steal money from ATMs

Kaspersky Lab, in collaboration with the Interpol, has conducted an investigation regarding a new malware called Tyupkin that cyber-criminal uses to steal cash from affected automated teller machines (ATM) in Asia, Europe and Latin America.

In their forensic investigation, Kaspersky Lab’s Global Research and Analysis Team mentioned that the malware was installed on an ATM using a bootable CD.

After successfully infecting an ATM, the malware silently sits inside the machine waiting for a specific command, at a specific time and day of the week (Sunday and Monday nights), from one of the members of the gang which will display the amount cash in all of the cassettes.

From there, the robbers select which cassette to steal from and the ATM will dispense forty (40) banknotes at a time out of that cassette.

“We strongly advise banks to review the physical security of their ATMs and network infrastructure and consider investing in quality security solutions,”

– Vicente Diaz, Principal Security Researcher at Kaspersky Lab’s Global Research and Analysis Team

In line with the investigation, the anti-virus provider gives out a few tips on how to mitigate the risk:

• Review the physical security of their ATMs and consider investing in quality security solutions.
• Replace all locks and master keys on the upper hood of the ATM machines and ditch the defaults provided by the manufacturer.
• Install an alarm and ensure it is in good working order. The cyber-criminals behind Tyupkin only infected ATMs that had no security alarm installed.
• Change the default BIOS password.
• Ensure the machines have up-to-date antivirus protection
• For advice on how to verify that your ATMs are not currently infected, please contact Kaspersky at [email protected]. To make a full scan of the ATM’s system and delete the backdoor, please use the free Kaspersky Virus Removal Tool (available to download here).

Further information about the Tyupkin malware can be found on this link.