ATM Machines Robbed by New USB Virus

At least there are still some hackers out there willing to get their hands dirty like the old days.

Thousands of dollars have gone missing from a number of ATMs across Europe in the past few weeks, and two anonymous security researchers may have finally figured out why. According to their report, dozens of targeted ATMS had holes cut in the casing which granted access to an internal USB port, giving the thieves a tool to take the whole hard drive over and pull money out of it as they pleased.

The USB stick containing the virus would install a secret 12-digit code on the machine, that when activated, would spurt out every last dollar in the till to a single lucky customer. The program was so advanced thieves could even see the exact amount in a machine and the denominations it was split up into before making their run on the bank. This meant they could take only the highest denomination bills and minimize the risk of their plan being exposed.

faulty-british-atm-hands-out-free-money-1343326199-3940

Because of this precision-strike mentality many ATMs were compromised a number of times without incident, while the crews behind the crack left and returned for several withdrawals before anyone noticed something was fishy.

Analysts also suspect there may have been some distrust between the ranks of the gang, as the malware required two separate codes to eventually gain access the cash. The first was a standard entry consistent across several different machines, while the second was one-time-use only that those retrieving the cash could only get directly from the bosses at the top of the scheme.

This means the management was always aware whenever any new funds were coming in, and could track what the take on each heist was worth by the time everyone in the racket reported back to home base. The researchers believe those behind this scheme held a deep, innate knowledge of the machines they were exploiting, explicitly going out of their way to make the malware as difficult to crack as possible.