Rufus malware used to empty ATMs running outdated OS in India

Pierluigi Paganini June 19, 2017

Indian authorities are facing with the Rufus malware, a malicious code used to clean out ATMs running outdated Windows XP software across states.

Many security firms and law enforcement agencies are warning of malware-based attacks against ATM. Recently 27 people have been arrested by the Europol for jackpotting attacks on ATM across many countries in Europe.

Last threat spotted in the wild is the Rufus malware, it is a Chinese malicious code that could be used to compromise ATMs. Indian authorities have observed numerous cyber attacks leveraging this threat. Reports of cyber heists come from West Bengal, Gujarat, Odisha, and Bihar.

The Rufus malware could be used to hack only ATMs running outdated software, all the ATMs targeted by crooks were found to be still using the old versions of Windows XP.

According to The Dailymail, the first attack was reported in Odisha city, the police are working with cyber experts to identify cyber criminals.

Rufus malware ATM India

The crooks use to target unguarded ATMs nighttime, they infect the system with a pen drive that is inserted into the USB port. Once the malware has infected the ATM, it would restart the system interrupting the connection with the service provider’s servers.

The Rufus malware generates a code after it infected the system, the code is then sent back to the crooks that convert it into a password. Every time the password is entered, the ATM releases the money.

“The malware when used on an ATM generates a code, which the crooks send to their gang members, who convert the code to a password, and as soon the password is applied the ATM dispenses cash,'” reported The DailyMail.

“The officer said banks would not immediately learn about the crime as crooks bypass the server and the hackers swiftly walk away without raising an alarm.”

Of course, such kind of attack is the result of the lack of adequate security measures for ATMs, it is expected that the Indian Government will force ATM manufacturers to upgrade the system running on their machines.

“The government and RBI should make ATM manufacturers compulsorily install new and robust operating systems,” said Mumbai-based cyber lawyer and expert Prashant Mali.

“‘If the government plans to increase the number of ATMs, then it should ensure that they are available whenever needed.”

 ATM vendors denied the existence of any security loopholes or other vulnerabilities exploited by cyber criminals.

The Reserve Bank of India is working closely with National Payment Corporation of India to instruct the banks on how to enhance their security.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Rufus Malware, ATM)

[adrotate banner=”13″]



you might also like

leave a comment