Click to Skip Ad
Closing in...

This malware can make an ATM spit out all of its cash on demand

Published Oct 15th, 2019 5:04PM EDT
ATM Malware
Image: Matt Rourke/AP/Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

The bank employee in the city of Freiburg, Germany, who noticed a bank ATM acting screwy one morning was greeted with a bizarre message on the control panel: “Ho-ho-ho! Let’s make some cutlets today!” That employee didn’t immediately realize it, but hackers had implanted malware in the ATM as part of a so-called “jackpotting” attack. The end result is like something you might see in a movie — the ATM spitting out a stream of cash until the machine is completely drained.

A joint investigation by Motherboard and a German news outlet has laid out some of the details of how hackers are increasingly going after machines with weak security and running outdated software. Regulators and legal sources, naturally, aren’t saying too much about the practice at this point, but not only are sources confirming that this kind of ATM attack is on the rise around the world, including in the US — but the implication is that banks are vulnerable and largely not prepared to deal with this.

Generally, attackers install the malware via an access point on the ATM, such as a USB outlet. The code is also surprisingly affordable; per Motherboard, hackers have been carrying out attacks around Europe using Russian software that costs $1,000.

You hear about an attack of this kind, software that can make an ATM spit out a stream of cash, and as we said, it sounds like a Hollywood version of how a malware attack is envisioned to take place. Unfortunately, this is very much a real-life scenario, with one source telling the reporters involved in the investigation that there are bad actors out there selling the code that makes this possible to basically whoever will pay up. And this also doesn’t seem to be limited to a particular corner of the world — “Potentially, this can affect any country,” according to cybersecurity expert David Sancho.

Andy Meek Trending News Editor

Andy Meek is a reporter based in Memphis who has covered media, entertainment, and culture for over 20 years. His work has appeared in outlets including The Guardian, Forbes, and The Financial Times, and he’s written for BGR since 2015. Andy's coverage includes technology and entertainment, and he has a particular interest in all things streaming.

Over the years, he’s interviewed legendary figures in entertainment and tech that range from Stan Lee to John McAfee, Peter Thiel, and Reed Hastings.