A recently detected computer malware – Winpot – could be used by cybercriminals to instantly withdraw customers’ money from Automated Teller Machines, ATMs.
This discovery was made by the global cybersecurity firm Kapersky Lab, which warned that the malware was created to resemble an ATM and could be further modified this year by the fraudsters.
A modified Winpot Malware would trick ATM security systems by tricking it into bypassing dispensing limit, thus keeping the money dispensing.
“in march 2018, we came across a fairly simple but effective piece of malware named winpot. it was created to make atms by a popular atm vendor to automatically dispense all cash from their most valuable cassettes. we called it atmpot. the criminals had clearly spent some time on the interface to make it look like that of a slot machine. likely as a reference to the popular term atm-jackpotting, which refers to techniques designed to empty atms.”
Describing how the malware is used, analysts at Kaspersky said, “In the WinPot case, each cassette has a reel of its own, numbered one to four (four is the maximum number of cash-out cassettes in an ATM) and a button labelled ‘spin’.
“as soon as you press the spin button, the atm starts dispensing cash from the corresponding cassette. down from the spin button, there is information about the cassette such as the bank note value and the number of bank notes in the cassette. the scan button rescans the atm and updates the numbers under the slot button, while the stop button stops the dispensing in progress.”
Meanwhile, the only method that banking institutions can safeguard their customers money from being stolen by the fraudsters is to “have a device control and process white-listing software running on it.” This would help to block the USB path used by the fraudsters to implant the malware into the ATM PC, as well as forestall the execution of any unauthorised software on it.”