
ATMs are pretty awesome devices that virtually everyone uses, no matter what country you are in. They are convenient and typically located at every bank, mall and gas station. Most consumers never even begin to think about the possibility that the machines are not secure. Usually they are concerned with someone seeing their PIN being entered or any personal information on the screen. Very rarely do they think that the ATM is actually a computer and could be infected with malware.

That may start to change now that a very serious trojan has been detected which has infected some Diebold ATMs. It was unearthed yesterday by Sophos after they heard a rumor from someone who works at a bank that a trojan might be infecting them. Typically this kind of rumor is disregarded as just another urban legend meant to scare people into being more careful, but Vanja Svajcer at Sophos decided to take a closer look. What he found is what most people did not expect: the rumor was true.

Typically ATMs run non-standard operating systems, which makes it difficult to create a trojan for them or even to find a way to get the machine infected. This was a very well made trojan, designed to evade detection and steal money unnoticed. It is not known for sure if the trojan has actually infected any ATMs, but it is designed for Diebold machines and someone on the inside was probably involved. ATMs do not have USB ports on the front of them, for obvious reasons, so there had to be another method of delivery.

Sergei at Threat Expert was able to do an in-depth analysis of the trojan to see how it attaches itself to the machine and, partially, how a user could interact with it. Printing receipts of captured card numbers and PINs is only part of it. They potentially even have the capability to see how much money is in the machine.

If you use an ATM, the bad guys will steal all of your money. Well, at least that's what will soon be flashing all over the nightly news for a few days. The reality of this discovery is that malware writers are targeting ATMs, but this is not the first time. It is just the newest method to come around and surely won't be the last.

Check It Out> Sophos, ThreatExpert, ZDNet