Cybersecurity Insight

Skimer Malware Infects ATMs

26 May

Skimer, which originally surfaced in 2009, is back and stronger than ever. For those who are unfamiliar, Skimer gives hackers complete access to an ATM without needing to install any kind of physical hardware. At one point, installing physical hardware was the only way a fraudster could steal bank information, duplicate it, and use it at their discretion. The newest version of Skimer, besides not needing physical hardware, is much stealthier and leaves barely any trail for cyber security personnel to track.

Kaspersky discovered the new version while originally investigating an entirely different situation at a bank, where they came across trace remnants of Skimer. What’s significant is that after the hacker installs the file – Backdoor.Win32.Skimer – the malware hides in the ATM until it is activated by a particular user; the interface appears only if they’ve entered the correct information within the specified time limit. Once the ATM is in use, that user can issue 21 commands, with actions ranging from dispensing bills directly from the ATM to printing account and card numbers onto a receipt. The “best” part? They don’t have to stay at the infected ATM; so long as the machine is on the same network as the infected one, they have the same access across the board.

While there haven’t been reports of widespread attacks in the US, South Africa is an entirely different situation. In just two hours, over 1,400 users were able to complete close to 1,600 unique transactions at different ATMs – all on the same network – and steal a total of $20M USD. It was a malicious and coordinated fraud attack, and they aren’t any closer to nabbing the perpetrators.

Users can still be proactive in these types of situations – for example, continuing to educate themselves on what protection is available to them through their bank or credit card providers. Vigilance and understanding that these situations can happen to anyone are some of the preliminary steps one must take to protect themselves and their financial and personal data.