Security experts warn of a new scheme that helps steal money from ATMs

Mar 25, 2014 12:58 GMT

Approximately 95 percent of the ATMs worldwide are still running Windows XP right now, according to third-party data, so banks have only a few days left to upgrade their cash machines and make sure that customers are fully protected.

Even though Windows XP has not yet reached end of support, security experts warn that cybercriminals have already found a way to hack ATMs running this old platform, and chances are that the exploit will continue to be used after April 8 unless Microsoft manages to address the flaws.

Symantec’s Daniel Regalado warns that ATM malware based on Backdoor.Ploutus, which was used in South America last year, allows hackers to bypass protection systems and steal money from ATMs using a text message sent to an infected cash machine.

The procedure is a little bit complicated, but it turns out that its success rate is very high, the security expert warned. Hackers attach a mobile phone via USB to an ATM and, using a very simple tethering method, they can use the device to access the cash machine while the same connection keeps the phone fully charged, so it is available at any time.

Messages sent via SMS are automatically forwarded to the ATM as network packets through the connected mobile phone, which basically allows the hackers to use the malware code to withdraw money without permission.

“The network packet monitor (NPM) is a module of the malware which acts as a packet sniffer, watching all network traffic going on in the ATM,” Symantec warns.

“Is there any way to block the malware?” you might ask. Symantec says that this is a very discreet method of stealing money and it works almost instantly, which makes it pretty difficult to block. Of course, upgrading the ATMs to a newer operating system would basically be the easiest way to stay protected, as an upgraded platform and newer hardware block the majority of these threats.

“The master criminal knows exactly how much the money mule will be getting and the money mule does not need to linger for extended periods around an ATM waiting for it to issue the cash. The master criminal and money mule can synchronize their actions so that the money is issued just as the money mule pretends to withdraw cash or is walking past the ATM,” Symantec pointed out.

According to reports on the matter, plenty of banks out there have already started the migration process, while others are holding talks with Microsoft to get extended support until the switch is completed.