
Kaspersky Lab and INTERPOL Discover “Tyupkin,” A Malware Targeting ATMs
07 Oct 2014

Around the Globe, Infected ATMs Give Away Millions of Dollars Without Use of Credit Cards

Woburn, MA – October 7, 2014 – Kaspersky Lab performed a forensic investigation into cybercriminal attacks targeting multiple ATMs around the world. During the course of this investigation, the Company’s researchers discovered the Tyupkin malware used to infect ATMs and allow attackers to remove money via direct manipulation, stealing millions of dollars. INTERPOL alerted the affected member countries and is assisting ongoing investigations.

Attack Methodology
The criminals work in two stages. First, they gain physical access to the ATMs and insert a bootable CD to install the Tyupkin malware. After they reboot the system, the infected ATM is now under their control and the malware runs in an infinite loop waiting for a command. To make the scam harder to spot, the Tyupkin malware only accepts commands at specific times on Sunday and Monday nights. During those hours, the attackers are able to steal money from the infected machine.

Video footage obtained from security cameras of the infected ATMs showed the methodology used to access the cash from the machines. A unique digit combination based on random numbers is newly generated for every session. This ensures that no person outside the gang could accidentally profit from the fraud. Then the malicious operator receives instructions by phone from another member of the gang who knows the algorithm and is able to generate a session key based on the number shown. This ensures that the mules collecting the cash do not try to go it alone.

When the key is entered correctly, the ATM displays details of how much money is available in each cash cassette, inviting the operator to choose which cassette to rob. The ATM then dispenses 40 banknotes at a time from the chosen cassette.
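A detection sketch for the behaviour described above, added here as an example and not taken from Kaspersky Lab or the original release: it scans an ATM journal for dispenses with no preceding card authorization, then notes whether each was a 40-note batch and whether it fell on a Sunday or Monday night. The journal format, field names and the 20:00-06:00 night window are assumptions; the release gives neither a log format nor the exact hours.

```python
from datetime import datetime

# Constructed sample journal (hypothetical format, not a real vendor log):
# timestamp|ATM id|event|space-separated key=value details
SAMPLE_JOURNAL = """\
2014-10-03T14:02:11|ATM-017|CARD_AUTH|txn=88121
2014-10-03T14:02:40|ATM-017|DISPENSE|txn=88121 cassette=2 notes=5
2014-10-05T23:41:09|ATM-017|DISPENSE|txn=- cassette=1 notes=40
2014-10-05T23:42:30|ATM-017|DISPENSE|txn=- cassette=1 notes=40
2014-10-06T10:15:00|ATM-022|CARD_AUTH|txn=90310
2014-10-06T10:15:21|ATM-022|DISPENSE|txn=90310 cassette=3 notes=40
2014-10-08T03:10:00|ATM-031|DISPENSE|txn=- cassette=2 notes=10
"""

# Assumed night window; the release only says "Sunday and Monday nights".
NIGHT_HOURS = set(range(20, 24)) | set(range(0, 6))
WATCH_DAYS = {6, 0}  # datetime.weekday(): 6 = Sunday, 0 = Monday


def find_suspicious_dispenses(journal):
    """Return (timestamp, atm, reasons) for every dispense without a card auth."""
    authorized = set()  # (atm, txn) pairs seen in a CARD_AUTH event
    findings = []
    for line in journal.splitlines():
        if not line.strip():
            continue
        ts, atm, event, detail = line.split("|", 3)
        fields = dict(kv.split("=", 1) for kv in detail.split())
        if event == "CARD_AUTH":
            authorized.add((atm, fields["txn"]))
        elif event == "DISPENSE":
            if (atm, fields["txn"]) in authorized:
                continue  # normal customer withdrawal
            when = datetime.fromisoformat(ts)
            reasons = ["no card authorization"]  # primary signal
            if int(fields["notes"]) == 40:
                reasons.append("40-note batch")
            if when.weekday() in WATCH_DAYS and when.hour in NIGHT_HOURS:
                reasons.append("Sunday/Monday night")
            findings.append((ts, atm, reasons))
    return findings


if __name__ == "__main__":
    for ts, atm, reasons in find_suspicious_dispenses(SAMPLE_JOURNAL):
        print(f"{ts} {atm}: {', '.join(reasons)}")
```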

The Tyupkin Malware
At the request of a financial institution, Kaspersky Lab’s Global Research and Analysis Team performed a forensic investigation into this cyber-criminal attack. The malware, identified and named by Kaspersky Lab as Backdoor.MSIL.Tyupkin, has so far been detected on ATMs in Latin America, Europe and Asia.

“Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software. Now we are seeing the natural evolution of this threat with cyber-criminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs themselves or launching direct APT-style attacks against banks. The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure,” said Vicente Diaz, principal security researcher at Kaspersky Lab. “We strongly advise banks to review the physical security of their ATMs and network infrastructure and consider investing in quality security solutions,” he added.

“Offenders are constantly identifying new ways to evolve their methodologies to commit crimes, and it is essential that we keep law enforcement in our member countries involved and informed about current trends and modus operandi,” said Sanjay Virmani, director of the INTERPOL Digital Crime Centre.

Kaspersky Lab recommends the following to banks in order to mitigate the risk:

  • Review the physical security of all ATMs and consider investing in quality security solutions.
  • Replace all locks and master keys on the upper hood of the ATM machines and ditch the defaults provided by the manufacturer.
  • Install an alarm and ensure it is in good working order. The cyber-criminals behind Tyupkin only infected ATMs that had no security alarm installed.
  • Change the default BIOS password.
  • Ensure the machines have up-to-date antivirus protection.
  • For advice on how to verify that your ATMs are not currently infected, please contact us at intelreports@kaspersky.com. To make a full scan of the ATM’s system and delete the backdoor, please use the free Kaspersky Virus Removal Tool (available to download here).

A video showing how this attack works on a real ATM is available here.

Read more about Tyupkin ATM malware on Securelist.com

 
Source: Kaspersky