Hackers Steal Millions In Cash From ATMs, Using Tyupkin Malware
Posted by: drizzl412 ()
Date: November 30, 2015 02:15AM

Source: http://www.darkreading.com/hackers-steal-millions-in-cash-from-atms-using-tyupkin-malware/d/d-id/1316421

HOW TO GET: http://alibaba.com/product-detail/Tyupkin-Malware_50026046006.html?spm=a2700.7724838.30.1.f4NVG5


Attackers add in failsafes to prevent innocents from triggering attack and money mules from going rogue.
Attackers are infecting ATMs in Asia, Europe, and Latin America with malware, and walking off with stacks of cash, Kaspersky has found. Using the malware, called Tyupkin, and a team of money mules, the attackers have stolen what amounts to millions of dollars in cash.

"Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software," said Vicente Diaz, principal security researcher at Kaspersky Lab, in a statement. "Now we are seeing the natural evolution of this threat with cyber-criminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs themselves or launching direct APT-style attacks against banks. The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure."

The good news is that the infection and theft require physical access to the ATM. The bad news is that it's easy to come by, since ATMs are intended to be physically accessible by the general public 24/7. That said, the attackers only went after machines that did not have security alarms installed.

[Read more about ATM hacks, like the ones using Ploutus malware earlier this year.]

Once access is gained, the attackers reboot the machine using a bootable CD that installs Tyupkin. The malware then runs in a loop, waiting for a command. It only accepts commands on Sunday and Monday nights, when the mules' suspicious withdrawals are less likely to be noticed.

During those hours, a unique key, based on a random set of numbers displayed by the ATM machine, is generated for each session. Video evidence shows that the mule collecting the cash calls another gang member on the phone and gives them that random combination. The person on the other side of the call then runs those digits through an algorithm to generate the session key, and gives the key to the mule. Once the key is entered, the machine displays the amount of cash located in each cassette, and dispenses 40 banknotes from whichever cassette the attacker chooses.


The process prevents both regular customers from accidentally triggering the attack and money mules from trying to steal the money themselves without the rest of the gang knowing about it.
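
Added example, not part of the original post or the article it quotes: a detection sketch for the behaviour described above (reboot from a CD, then 40-note dispenses with no customer transaction on Sunday and Monday nights). The journal format, field names, sample lines and the 20:00 to 06:00 definition of "night" are all assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample lines in a hypothetical ATM journal format
# (timestamp, event, key=value fields); not taken from a real vendor log.
SAMPLE_LOG = """\
2015-11-27T14:02:11 DISPENSE notes=5 txn=T1001 cassette=1
2015-11-29T23:10:45 BOOT source=CD
2015-11-29T23:41:07 DISPENSE notes=40 txn=none cassette=2
2015-11-30T09:15:30 BOOT source=HDD
2015-11-30T09:20:02 DISPENSE notes=10 txn=T1002 cassette=1
2015-11-30T23:55:19 DISPENSE notes=40 txn=none cassette=3
2015-12-02T13:05:00 DISPENSE notes=3 txn=none cassette=1
"""

NIGHT_HOURS = set(range(20, 24)) | set(range(0, 6))  # assumed meaning of "night"
WATCH_DAYS = {6, 0}          # datetime.weekday(): Sunday=6, Monday=0 (days named above)
BULK_NOTES = 40              # notes per dispense reported in the article

def parse(line):
    """Split one journal line into (timestamp, event, fields dict)."""
    ts, event, *pairs = line.split()
    return datetime.fromisoformat(ts), event, dict(p.split("=", 1) for p in pairs)

def find_alerts(log_text):
    """Return (timestamp, rule, severity) for events matching the reported pattern."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, f = parse(line)
        if event == "BOOT" and f.get("source") != "HDD":
            # The ATM should only ever boot from its internal disk.
            alerts.append((ts.isoformat(), "boot-from-removable-media", "high"))
        elif event == "DISPENSE" and f.get("txn", "none") == "none":
            # Cash left the machine with no customer transaction behind it.
            in_window = ts.weekday() in WATCH_DAYS and ts.hour in NIGHT_HOURS
            bulk = int(f.get("notes", 0)) >= BULK_NOTES
            sev = "critical" if in_window and bulk else "high"
            alerts.append((ts.isoformat(), "dispense-without-transaction", sev))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(*alert)
```

The time window only raises severity; a dispense without a transaction is flagged on any day, so a change in the attackers' schedule does not silence the rule.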
