Experts at FireEye have discovered a new strain of malware dubbed Suceful (Backdoor.ATM.Suceful) specifically designed to target ATMs. Malware designed to hack ATMs are not new, in the past security experts have already detected malicious codes used to make ATMs dispense cash, such as Ploutus or Tyupkin.
Why Suceful is singular?
According to the malware researchers at FireEye Labs Suceful is the first multi-vendor ATM malware threatening the banking industry.
The variant detected by FireEye appears to have been created on August 25, it was recently uploaded to VirusTotal from Russia and experts speculate that it could be the result of ongoing development.
“FireEye Labs discovered a new piece of ATM malware (4BDD67FF852C221112337FECD0681EAC) that we detect as Backdoor.ATM.Suceful (the name comes from a typo made by the malware authors), which targets cardholders and is able to retain debit cards on infected ATMs, disable alarms, or read the debit card tracks.” states the blog post published by FireEye.
Similar to other ATM malware, SUCEFUL interacts with a middleware called XFS Manager which is the interface between the application (malware in this case) and the peripheral devices (e.g., printer, dispenser, card reader, in pad).
Almost every vendor has its own implementation of the XFS Manager despite they also support the default XFS Manager template.
According to the experts in Diebold or NCR ATMs, SUCEFUL is able to read credit/debit card data, and suppressing ATM sensors to avoid detection.
The SUCEFUL capabilities in Diebold or NCR ATMs include:
FireEye is still investigating on the case, it has no evidence of how the crooks installed on SUCEFUL on the ATMs.
[adrotate banner=”9″]
(Security Affairs – SUCEFUL , ATM)
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
This website uses cookies.