The ultimate heist: Hackers use SMS to get ATMs to pump out cash

Windows XP ATM SMS malware

Microsoft is dropping support for Windows XP on April 8th, and with 95% of all ATMs still running XP, this could become a major problem for any banks that haven’t signed agreements to keep support running past the deadline. And today, we learned of an ATM attack that could be easily fixed if the ATMs update to Windows 7 or 8: According to Symantec, attackers have found a way to steal money from ATMs using SMS messages. Symantec first noticed this attack late last year, when the attacks were happening in Mexico. In a blog post on Monday, it noted that a new variant of the malware, called Ploutus, had been translated to English.

The Ploutus malware allows attackers to send an SMS message to a phone that is attached to an ATM. The ATM will then spit out the amount of money requested.

The attacker first needs to upload the Ploutus malware to the ATM using either a USB drive or a CD-ROM. According to SC Magazine, the attackers have picked ATM locks and even bored holes into the ATM casing to access the ATMs’ drives.

Once Ploutus has been uploaded, the attacker also needs to attach a cell phone to the ATM using USB tethering. This allows the ATM and the cell phone to share an Internet connection while simultaneously charging the cell phone. The attacker then needs to send the attached cell phone two SMS messages. According to Symantec, the first “must contain a valid activation ID in order to enable Ploutus in the ATM” and the second “must contain a valid dispense command to get the money out.” The Ploutus malware will then tell the ATM to dispense a preset amount of money, which is then picked up by what Symantec calls a “money mule.”

To stop these attacks, Symantec recommends updating the operating system from XP to Windows 7 or 8. Other ways to protect against the Ploutus attack include using physical protection and security cameras to monitor the ATM, since the attack cannot be done entirely remotely. Symantec also recommends full-disk encryption and preventing booting up from unauthorized disks or USB drives.
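The article describes two USB-borne steps, loading Ploutus from removable media and tethering a phone for the SMS channel, and recommends physical monitoring plus boot restrictions. On a single-purpose host like an ATM, the set of USB device classes that should ever appear is tiny, so a defender can also alert on any arrival outside an allow-list. The script below is an added example written for this page, not code from Symantec or from the article; the log line format, the device-class names, the allow-list and the sample records are all constructed assumptions for illustration.

```python
"""Allow-list check for USB device arrivals on an ATM host (added example).

The article notes that Ploutus is loaded from a USB drive or CD and that the
attacker tethers a phone over USB. Both steps show up as device arrivals, so a
monitoring agent that knows which device classes an ATM legitimately uses can
flag anything else. The record format below is constructed for this example;
real Windows device-arrival events use a different layout.
"""
from dataclasses import dataclass
import re

# Constructed record format:
#   "<timestamp> USB_ARRIVAL class=<class> vid=<hex4> pid=<hex4> name=<free text>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) USB_ARRIVAL class=(?P<cls>[\w-]+) "
    r"vid=(?P<vid>[0-9a-fA-F]{4}) pid=(?P<pid>[0-9a-fA-F]{4}) name=(?P<name>.+)$"
)

# Device classes an ATM host is expected to see (assumption for this example).
ALLOWED_CLASSES = {"HID", "Printer", "CardReader", "CashDispenser"}

# Classes matching the two delivery paths the article describes. Any class not
# listed here and not on the allow-list is still reported, with a generic reason.
SUSPICIOUS_CLASSES = {
    "MassStorage": "removable storage: possible malware load path",
    "CDROM": "optical drive: possible malware load path",
    "RNDIS": "USB network adapter: possible phone tethering",
    "CDC-ECM": "USB network adapter: possible phone tethering",
}


@dataclass
class Alert:
    timestamp: str
    device_class: str
    vid: str
    pid: str
    name: str
    reason: str


def parse_line(line):
    """Return the record fields as a dict, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def check_arrivals(lines):
    """Return one Alert per device arrival whose class is not on the allow-list."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed records are skipped, not treated as alerts
        cls = rec["cls"]
        if cls in ALLOWED_CLASSES:
            continue
        reason = SUSPICIOUS_CLASSES.get(cls, "device class not on ATM allow-list")
        alerts.append(Alert(rec["ts"], cls, rec["vid"].lower(),
                            rec["pid"].lower(), rec["name"], reason))
    return alerts


# Constructed sample records: two expected peripherals, a thumb drive, a
# tethered phone exposing an RNDIS interface, an unknown class, and one
# malformed line.
SAMPLE_LOG = [
    "2014-03-24T09:00:01Z USB_ARRIVAL class=HID vid=1234 pid=0001 name=Encrypting PIN pad",
    "2014-03-24T09:00:02Z USB_ARRIVAL class=CashDispenser vid=1234 pid=0002 name=Dispenser unit",
    "2014-03-24T02:13:45Z USB_ARRIVAL class=MassStorage vid=0ABC pid=1000 name=USB Flash Disk",
    "2014-03-24T02:14:10Z USB_ARRIVAL class=RNDIS vid=0DEF pid=2000 name=Remote NDIS device",
    "2014-03-24T02:14:30Z USB_ARRIVAL class=Vendor vid=0DEF pid=2001 name=Unknown composite",
    "this line is not a device arrival record",
]

if __name__ == "__main__":
    for a in check_arrivals(SAMPLE_LOG):
        print(f"{a.timestamp} {a.device_class} {a.vid}:{a.pid} {a.name!r}: {a.reason}")
```

The allow-list is deliberately small because an ATM's peripheral set is fixed at deployment; a generic host would need a richer policy. The check only covers the USB path described in the article, so it complements, rather than replaces, the boot-media restrictions and disk encryption the article recommends.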
