October 8, 2014 by

Windows-Based ATMs Under Attack: Millions of Dollars Stolen

Kaspersky, a well-known security company, reported yesterday that a new type of malware has been infecting Windows-based ATMs throughout Eastern Europe and is now spreading to other continents. Kaspersky named the malware “Backdoor.MSIL.Tyupkin.” It was first detected in January of this year. Although the exact amounts stolen in this manner have not been specified, it’s in the millions.

It seems the malware is not particularly sophisticated, albeit very effective. It must have been physically installed on the ATM. Using a bootable CD, the criminals were able to load the malicious software onto the machine. “Tyupkin” only becomes active at night and allows whoever is picking up the cash to see the contents of each money cassette and after entering special one-use-only code. The criminals can then withdraw money from the cassettes, 40 notes at a time. See the video below for a demonstration:

The malware is currently known to have spread to these countries, affecting over 50 ATMs worldwide.


About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Iowa Student Arrested for Changing Grades Using Keylogger Malware

A former student at the University of Iowa has been arrested in his hometown of Denver after using...

Read more arrow_forward

Here are the 10 Most Malware Infected States in the Country

A new report has canvassed more than 1.5 million malware infections in the United States to reveal...

Read more arrow_forward

The Growing Insider Threat

A security threat originating from within the organization which is targeted or attacked is an...

Read more arrow_forward