Cash machine virus can steal your Pin


Cash machine virus can steal your Pin

Cliff Saran

The cash machine network may be prone to a serious hacking attack, banks have been warned.

SpiderLabs, the security team at Trustwave responsible for incident response and forensics, ethical hacking and application security tests, has investigated security breaches on automated teller machines (ATMs) running Windows XP over the past few months and found the same malware residing on the breached machines.

"This malware is unlike any we have ever had experience with. It allows the attacker to gain complete control over the ATM to obtain track data, Pins and cash from each infected machine," TrustWave said.

TrustWave found that the malware enables an attacker to steal card data from the ATM's receipt printer or by writing the data to an electronic storage device (possibly using the ATM's card reader). It also discovered code indicating that the malware could eject the cash dispensing cassette.

"We believe the current attack vector is an early version of the malware sample, and future attacks will add functionality such as propagation via the ATM network. If an attacker can gain access to one machine, the malware will evolve and propagate automatically to other systems."

Approximately 20 ATMs have been compromised, primarily located in Eastern Europe. TrustWave expected the attack to spread to the US and other regions of the world.

This is not the first time a flaw has been found in cash machines. In January, Cambridge University published a paper on a flaw in chip and Pin readers.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy