Hackers used malware to steal $2 million from ATMs in Taiwan

Taiwanese law enforcement agencies are investigating malware-based attacks against ATMs of a national bank that resulted in a $2 million theft.

Law enforcement in Taiwan is investigating the attacks against ATMs of a major national bank, Taiwan’s First Bank. Crooks used malware to withdraw more than $2 million from dozens of ATMs in the country; it is the first time that cyber criminals have used this technique in Taiwan.

Taiwanese authorities suspect the involvement of two Russian nationals who were wearing masks while they cashed out dozens of ATMs over the last weekend. The two suspects left the country on Monday. The hackers stole T$70m ($2.2m), operating while the capital Taipei was battered by a typhoon.

According to the video footage recorded by the security cameras, the hackers did not use skimmers to steal payment card data; they likely used malware to control the ATM.

The images show the crooks using a “connected device,” likely a smartphone, to instruct the ATM to release the cash.

Taiwanese First Bank automated teller machines are seen suspended after T$70 million was reported stolen from its automated teller machines (ATM) in Taipei, Taiwan July 13, 2016. REUTERS/Tyrone Siu

The targeted ATMs are produced by Wincor Nixdorf; the company admitted that some of its ATMs in Taiwan were hacked as part of a “premeditated attack.”

“Attacks follow a similar pattern, irrespective of their make or brand, and we as well as the banks are aware of them,” a Wincor official in Germany told Reuters by email. “The details of the attack are being examined by the police, banks as well as experts from Wincor Nixdorf. To support the local teams we have sent security experts,” reads the Wincor statement reported by Reuters.

Investigators have discovered three different strains of malware on the hacked ATMs. Banks in the country are starting to improve the cyber security of their machines in order to prevent similar attacks.

Malware-based attacks against ATMs are not a novelty; in an article published on the Infosec Institute, I detailed the recent attacks against ATMs worldwide.

The article reports attacks based on various ATM malware, including Suceful, GreenDispenser, and Skimer.

All of these malware families implement the ATM jackpotting technique presented by Barnaby Jack at Black Hat USA 2010.

In November 2014, a gang of Romanian and Moldovan criminals stole nearly £1.6m in raids on ATMs (Automated Teller Machines) in the UK. The group used malware to compromise more than 50 ATMs.

In the same period, experts from Kaspersky Lab observed several attacks on Automated Teller Machines (ATMs) which were infected by malware dubbed Tyupkin. Tyupkin is one of the most popular malicious codes used by criminals to hack ATMs and force them to release cash on demand. Experts at Kaspersky Lab collected evidence that Tyupkin infected at least 50 ATMs, mainly in Eastern Europe.

In May 2013, security experts spotted another ATM Trojan dubbed Padpin; meanwhile in October 2013, malware researchers isolated samples of another malware dubbed Ploutus that was circulated to compromise banking machines and steal cash from them.

Stay tuned …

Pierluigi Paganini

(Security Affairs – hacking ATMs, malware)
