CUTLET MAKER ATM malware offered for 5000 USD on darknet forum

Hacking an ATM could be very easy thanks to the availability of the CUTLET MAKER ATM malware on an underground hacking forum.

Wannabe crooks can buy ATM malware on a Darknet market for around $5000. The discovery was made by researchers at Kaspersky Lab, who noticed a forum post advertising the malicious code dubbed Cutlet Maker.

“In May 2017, Kaspersky Lab researchers discovered a forum post advertising ATM malware that was targeting specific vendor ATMs. The forum contained a short description of a crimeware kit designed to empty ATMs with the help of a vendor specific API, without interacting with ATM users and their data.” states the blog post published by Kaspersky Lab. “The post links to an offer that was initially published on the AlphaBay Darknet marketplace, which was recently taken down by the FBI.”

The post was initially published on the AlphaBay black marketplace, which was recently shut down by law enforcement.

The forum post includes a description of the malware and a detailed manual for the malware toolkit. The crimeware kit was designed to target various Wincor Nixdorf ATM models using a vendor API, without interacting with ATM users and their data.

The manual “Wall ATM Read Me.txt” was likely written by a native Russian speaker with poor English. It also mentions the Tyupkin ATM malware, which was used to conduct jackpotting attacks worldwide.

The manual provides a detailed description of all the parts that make up the toolset and how to use them. The kit consists of the CUTLET MAKER ATM malware, the core element, with a password generator included, and the Stimulator, an application used to gather cash cassette statuses of a target ATM.

Another component is ‘c0decalc’, a simple terminal-based application without any protection at all.

Experts noticed that the crimeware kit is composed of programs likely developed by different authors.

The functionality of the Cutlet Maker malware suggests that two distinct roles are supposed to be involved in the cyber heist, the “drop” and “drop master.”

“Access to the dispense mechanism of CUTLET MAKER is password protected. Though there could be just one person with the c0decalc application needed to generate a password,” the researchers say.

“Either network or physical access to an ATM is required to enter the code in the application text area and also to interact with the user interface.”

The experts concluded that cyber “criminals are using legitimate proprietary libraries and a small piece of code to dispense money from an ATM.”

According to Bleepingcomputer, crooks launched a new website named ATMjackpot and started offering the same ATM malware, including some modifications on demand.

The ATMjackpot hackers also published four videos that show how someone can gain access to an ATM’s USB port, connect the hardware, and execute the malware to control the machine.

The Cutlet Maker is currently offered on the ATMjackpot website for $1,500 worth of Bitcoin.

“Cutlet Maker is currently sold on the ATMjackpot portal for $1,500 worth of Bitcoin, a price that will double starting with the buyer’s second month,” reported Bleepingcomputer.com.

“The price of this fee represents one credit, and one credit is valid for cashing out one ATM.”

Pierluigi Paganini 

(Security Affairs – CUTLET MAKER, ATM malware)
