Tyupkin - Malware Used To Hijack ATMs
Installing fake keypads and card readers was too much of a hassle, so criminals developed a better way to get cash from ATMs. Nowadays, they use malware that infects the machine and forces it to spew out bills. Banks worldwide have lost millions of dollars to this new scheme.
The malware, called Backdoor.MSIL.Tyupkin, is installed with the help of a bootable CD and works on ATMs powered by 32-bit Windows versions. The malicious program doesn't exploit software bugs, but hijacks a locked panel which gives it control over the physical controls of the machine, thus going beyond the capabilities of regular protection software. Basically, the tool's interface shows its users the number of bills left in each ATM cassette and allows them to force out 40 bills per usage.
Kaspersky Security Labs, the company which discovered the malware, stated that over 50 ATMs in Eastern European countries were infected. Unfortunately, VirusTotal (a file threat scanning website) has received requests from all over the world to scan executable files similar to the virus.
According to Kaspersky, the criminals are very smart and have several protection methods in place. For example, the malicious software on the ATMs could only be accessed during specific time intervals on certain days of the week. Furthermore, to make sure no one else took advantage of their work, the thieves created a security system which makes the malware require a password in order to work. The key is dynamically generated and changes according to an algorithm known only to its developers.
Kaspersky Security Labs refused to reveal the names of the companies involved, stating that doing so would interfere with an ongoing Interpol investigation.