Security experts from Kaspersky Lab have discovered a new piece of malware dubbed WinPot that target ATMs, it could be used by crooks to make the ATMs automatically dispense all cash from their cassettes.
WinPot was first detected in March 2018 when it infected ATMs of a popular vendor.
The malicious code has a user interface that looks like a slot machine, it represents each cassette with a reel numbered 1 to 4. The UI includes a button for each cassette to dispense the cash and information on
The interface has two other buttons, the SCAN and STOP ones. The former allows to rescan the ATM and update the information in the UI, the latter allows to the halt the dispensing in progress.
“The criminals had clearly spent some time on the interface to make it look like that of a slot machine.” reads the analysis published by Kaspersky.
Researchers from Kaspersky Lab discovered multiple WinPot samples over the past year, the experts observed minor changes, such as a different packer or changed time period during which the malware was programmed to work. Like other malware such as the Cutlet Maker, WinPot is offered for sale on the Dark Web, it goes for a price of $500
“One of the sellers offers WinPot v.3 together with a demo video depicting the “new” malware version along with a still unidentified program with the caption “ShowMeMoney”. Its looks and mechanics seem quite similar to those of the Stimulator from the CutletMaker story. ” continues the expert.
Due to its nature, ATM malware will remain the same except for little changes that will allow:
“The preferred way of protecting the ATM from this sort of threat is to have device control and process whitelisting software running on it. The former will block the USB path of implanting the malware directly into the ATM PC, while the latter will prevent
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.