Category: ATM

Security FeedsMalware StatisticsPublicationsATMFinancial malwareFeaturedGoogle AndroidTrojan BankerApple MacOSElectronic Payments

Financial Cyberthreats in 2019

Methodology Financial cyberthreats are malicious programs that target users of services such as online banking, e-money, and cryptocurrency, or that attempt to gain access to financial organizations and their infrastructure. These threats are usually accompanied by spam and phishing activities, with malicious users creating fake financial-themed pages and emails to steal victims’ credentials. In order to study the threat landscape of the financial sector, our researchers analyzed malicious activity on the devices of individual users of Kaspersky’s security solutions. Statistics for corporate users were…

Security FeedsATMFinancial malwareTargeted AttacksTrojan BankerInternet BankingKaspersky Security BulletinBiometric authenticationCredit Cards

Cyberthreats to financial institutions 2020: Overview and predictions

Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 Cybersecurity of connected healthcare 2020: Overview and predictions 5G technology predictions 2020 Corporate security prediction 2020 Key events 2019 Large-scale anti-fraud bypass: Genesis digital fingerprints market uncovered Multi-factor authentication (MFA) and biometric challenges Targeted attack groups specializing in financial institutions: splitting and globalization ATM malware becomes more targeted Card info theft and reuse: magecarting everywhere and battle of POS malware families in Latin America Large-scale anti-fraud bypass: Genesis digital fingerprints market uncovered During the last…

Security FeedsMalware DescriptionsATMFinancial malwareFeaturedDropperRAT TrojanLazarus

Hello! My name is Dtrack

Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victim’s ATMs, where it could read and store the data of cards that were inserted into the machines. Naturally, we wanted to know more about that ATM malware, so we used YARA and Kaspersky Attribution Engine to uncover more interesting material: over…

Security FeedsATMFinancial malwareFeaturedjava

Criminals, ATMs and a cup of coffee

In spring 2019, we discovered a new ATM malware sample written in Java that was uploaded to a multiscanner service from Mexico and later from Colombia. After a brief analysis, it became clear that the malware, which we call ATMJaDi, can cash out ATMs. However, it doesn’t use the standard XFS, JXFS or CSC libraries. Instead, it uses the victim bank’s ATM software Java proprietary classes: meaning the malware will only work on a small subset of ATMs. It makes this malware very targeted.…

Security FeedsMalware StatisticsPublicationsATMFinancial malwareFeaturedGoogle AndroidTrojan BankerApple MacOSElectronic Payments

Financial Cyberthreats in 2018

Introduction and Key Findings The world of finance has been a great source of income cybercriminals across the world due to an obvious reason – money. While governments and organizations have been investing in new methods to protect financial services, malicious users have been investing in how to bypass them. This has fueled many changes in how online financial services and payment systems, large banks and POS terminals are being used. The past year has seen a wide range of changes in the financial…

Security FeedsMalware DescriptionsATMFinancial malwareFeatured

ATM robber WinPot: a slot machine instead of cutlets

Automation of all kinds is there to help people with their routine work, make it faster and simpler. Although ATM fraud is a very peculiar sort of work, some cybercriminals spend a lot of effort to automate it. In March 2018, we came across a fairly simple but effective piece of malware named WinPot. It was created to make ATMs by a popular ATM vendor to automatically dispense all cash from their most valuable cassettes. We called it ATMPot. Example of WinPot interface –…

Security FeedsMalware DescriptionsPublicationsATMFinancial malware

Goodfellas, the Brazilian carding scene is after you

There are three ways of doing things in the malware business: the right way, the wrong way and the way Brazilians do it. From the early beginnings, using skimmers on ATMs, compromising point of sales systems, or even modifying the hardware of processing devices, Latin America has been a fertile ground for collecting credit and debit cards en masse. Brazil started the migration to EMV cards in 1999 and nowadays almost all cards issued in the country are chip-enabled. A small Java-based application lives…