October 8, 2014 by

Windows-Based ATMs Under Attack: Millions of Dollars Stolen

Kaspersky, a well-known security company, reported yesterday that a new type of malware has been infecting Windows-based ATMs throughout Eastern Europe and is now spreading to other continents. Kaspersky named the malware “Backdoor.MSIL.Tyupkin.” It was first detected in January of this year. Although the exact amounts stolen in this manner have not been specified, it’s in the millions.

It seems the malware is not particularly sophisticated, albeit very effective. It must have been physically installed on the ATM. Using a bootable CD, the criminals were able to load the malicious software onto the machine. “Tyupkin” only becomes active at night and allows whoever is picking up the cash to see the contents of each money cassette and after entering special one-use-only code. The criminals can then withdraw money from the cassettes, 40 notes at a time. See the video below for a demonstration:

The malware is currently known to have spread to these countries, affecting over 50 ATMs worldwide.


About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Popular Freeware Site Download.com Found Hosting Bitcoin Stealing Malware

A dangerous bitcoin stealing malware that swaps user accounts with that of the attacker was...

Read more arrow_forward

47 Million Emails/Day: Necurs Botnet Launches Massive Ransomware Campaign

A cybersecurity firm has revealed it has blocked as many as 47 million emails per day spewed by the...

Read more arrow_forward

Cybercriminals Spoof Millions of Printers, Scanners to Spread Malware

Security researchers have discovered cybercriminals spoofing millions of scanners to launch attacks...

Read more arrow_forward