Tyupkin/Padpi: Malware in ATM Machines

I recently read about a "malware" in the financial sector (banks, to be more specific), and this malware targets ATM machines, which have been compromised around the globe.

Approximately 3 million Malaysian Ringgit (almost 1 million USD) was stolen from 18 ATMs in Malaysia alone, and this malware has been found in more than 50 different ATM machines in Eastern Europe as well.

Some security experts suspect that this malware has been misused in other countries such as the USA, India, China, Israel, France and Malaysia as well.

I have a hard time understanding how this malware can even reach the ATM machines themselves. I thought ATM machines were on a closed and secure network with no or very limited access to anything apart from the specific LAN. Can someone elaborate on this better than the media?

I'll shoot out my questions:

I have read in the local media and newspapers that these installations were done through a CD… WTF? Is it even possible to reach that many ATM machines via CD? Or can we suspect it spread through the LAN? This is, in my world, senseless and stupidity. That would be an epic failure of bank security.

I mean, how can somebody possibly install something from a workstation which then copies itself into an ATM? The first ATM machine was introduced in 1967; we have had so many years to secure it, yet it sounds like child's play to reach these via LAN.

I'm confused, I hope someone can elaborate.

My conspiracy theory is that this malware should have been fed into the system via the inbuilt chip or magnetic stripe of the credit card, by overwriting its data with malware and then feeding it into the system. You need to know which variables can save temp data and then finally trigger a command to build the malware inside the ATM machine. Or someone compromised a few mainframe machines which then update the ATM software.

I do not believe someone was able to reach so many ATM machines in so many countries by just installing it from a CD. Do you?

4 Responses

Any comments?

It's definitely through the CD drive, I guess. There is no way we can load a payload onto the system with just a magnetic stripe or chip unless the system is intended to do so.

Most newish ATMs run on Windows, and because they're generally on an isolated network, I would surmise they're not updated (patched) that often (if at all) and/or they're running older, unsupported versions of Windows.

So I guess once you got something onto the ATM network it would spread very quickly.

Cool, I didn't know ATM machines were built on Windows. A simple search for "blue screen of death ATM" is enough to believe :P
