The threat is installed on ATMs from a CD-ROM boot disk

Oct 28, 2013 20:01 GMT

Experts warn that cybercriminals have released a new version of the ATM malware dubbed Ploutus. Until recently, the threat had been spotted in Mexico, but it has now been translated into English to allow cybercrooks to use it in other countries as well.

According to Symantec, Backdoor.Ploutus.B is installed on ATMs with the aid of a boot disk inserted into the machine’s CD-ROM drive. Once the disk is booted, the malware is transferred.

Ploutus.B, a threat that’s designed to command the infected device to dispense money, is controlled by the crooks from the ATM’s keypad. There’s no keyboard support and there’s no graphical interface, except for a window that shows the attacker how much money there is in the targeted ATM.

Interestingly, the malware is capable of printing the device’s entire configuration if a USB printer is connected to it.

The attackers can withdraw a certain number of bills from the cassette with the most available bills. They can set a timer to specify when to dispense the money, but there’s only a 24-hour window starting with the time when the malware is activated.

Symantec says the threat doesn’t impact users since the money isn’t withdrawn from a certain account. Only the financial institution that owns the ATM is affected. However, the number of banks targeted by cybercriminals is unknown.

“This discovery underlines the increasing level of cooperation between traditional physical world criminals with hackers and cybercriminals,” Symantec’s Daniel Regalado noted in a blog post.

“With the ever increasing use of technology in all aspects of security, traditional criminals are realizing that to carry out successful heists, they now require another set of skills that wasn’t required in the past. The modern day bank robbers now need skilled IT practitioners on their team to help them carry out their heists.”