Effective new Trojan skims card info from widely used ATMs
Posted on 18.12.2013
Researchers from Russian AV company Doctor Web have managed to get their hands on a Trojan aimed at recording and collecting card information from one of the most widespread ATM types. Unfortunately, they didn't say which one.


"Trojan.Skimer.18 is by no means the first backdoor to infect ATM software, but it is the first to target devices so common throughout the world," the researchers said, explaining its importance.

The Trojan comes in the form of a dynamic link library (DLL) and gets loaded by an infected application. Once it has gained a foothold on the machine, it immediately creates a log file that will store the stolen information: Track 2 data (card / account number, expiry date, service code) and PIN codes.

"It is noteworthy that in order to maintain confidentiality, ATM manufacturers employ a special technology that facilitates the encrypted transmission of PIN codes entered into ATMs, and the encryption key is regularly updated from the bank's server," they pointed out, but added that Trojan.Skimer.18 easily bypasses this protection and uses the ATM's software to decrypt PIN codes.

The criminals control the malware via specially designed master cards.

Once inserted into the ATM's card slot, these cards make a Trojan dialogue box pop up and allow criminals to use the ATM's keypad to interact with the malware.

If directed to do so, the Trojan can delete itself or the log file from an infected ATM, restart the machine or change its operation mode, and even update itself by using an app from the master card's chip. The master cards can also "download" the already stolen info after first compressing the file.
Copyright 1998-2014 by Help Net Security.