A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023.
“The ATM malware is concealed inside of another not-destructive-looking software,” Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News.
Besides requiring interaction via an external keyboard, the Windows-based ATM malware is also vendor-agnostic and is capable of infecting any teller machine that supports CEN/XFS (short for eXtensions for Financial Services).
The exact mode of compromise remains unknown, but Metabase Q’s Dan Regalado told The Hacker News that it is most likely that “attackers identified a way to interact with the ATM by means of touchscreen.”
FiXS is also said to be similar to another strain of ATM malware codenamed Ploutus, which has enabled cybercriminals to extract cash from ATMs by using an external keyboard or by sending an SMS message.
One of the notable characteristics of FiXS is its ability to dispense money 30 minutes after the last ATM reboot by leveraging the Windows GetTickCount API.
The sample analyzed by Metabase Q is delivered via a dropper known as Neshta (conhost.exe), a file infector virus that is coded in Delphi and was originally observed in 2003.
“FiXS is executed with the CEN XFS APIs, which helps it operate largely on every Windows-based ATM with minor changes, comparable to other malware like RIPPER,” the cybersecurity company said. “The way FiXS interacts with the criminal is by means of an external keyboard.”
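For defenders, two host-side checks follow from the details above: a binary named conhost.exe running from outside System32, and the XFS manager being loaded by anything other than the approved ATM application. The sketch below is an added example, not code from Metabase Q or from the original article; the library name `msxfs.dll`, the allowlisted application path and the sample events (shaped like Sysmon process-create and image-load records) are assumptions constructed for illustration.

```python
import json
from pathlib import PureWindowsPath

# Assumptions (not from the article): the XFS manager library file name and
# the path of the fleet's approved ATM application (hypothetical).
XFS_MANAGER_DLL = "msxfs.dll"
XFS_ALLOWLIST = {r"c:\atmapp\bin\atmclient.exe"}
SYSTEM32 = r"c:\windows\system32"

# Constructed sample events, shaped like Sysmon process-create (1) and
# image-load (7) records exported as JSON lines.
SAMPLE_EVENTS = r"""
{"EventID": 7, "Image": "C:\\ATMApp\\bin\\atmclient.exe", "ImageLoaded": "C:\\Windows\\System32\\msxfs.dll"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\conhost.exe"}
{"EventID": 1, "Image": "C:\\Users\\Public\\conhost.exe"}
{"EventID": 7, "Image": "C:\\ProgramData\\tool.exe", "ImageLoaded": "C:\\Windows\\System32\\msxfs.dll"}
{"EventID": 7, "Image": "C:\\ProgramData\\tool.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"}
"""


def triage(lines):
    """Return (rule, image_path) findings in first-seen order, without duplicates."""
    findings = []

    def report(rule, image):
        item = (rule, str(image))
        if item not in findings:
            findings.append(item)

    for raw in lines:
        if not raw.strip():
            continue
        event = json.loads(raw)
        image = PureWindowsPath(event.get("Image", "").lower())
        # Rule 1: a binary named conhost.exe running from anywhere but System32.
        if image.name == "conhost.exe" and str(image.parent) != SYSTEM32:
            report("conhost-outside-system32", image)
        # Rule 2: the XFS manager loaded by a process that is not the approved ATM app.
        if event.get("EventID") == 7:
            loaded = PureWindowsPath(event.get("ImageLoaded", "").lower())
            if loaded.name == XFS_MANAGER_DLL and str(image) not in XFS_ALLOWLIST:
                report("xfs-load-by-unapproved-image", image)
    return findings


if __name__ == "__main__":
    for rule, image in triage(SAMPLE_EVENTS.splitlines()):
        print(f"{rule}: {image}")
```

On a real fleet the allowlist would hold the vendor's ATM application binaries, and matching on file hash or signer is stronger than matching on path alone.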
With this development, FiXS becomes the latest in a long list of malware such as Ploutus, Prilex, SUCEFUL, GreenDispenser, RIPPER, Alice, ATMitch, Skimer, and ATMii that have targeted ATMs to siphon money.
Prilex has since also evolved into a modular point-of-sale (PoS) malware to carry out credit card fraud through a variety of methods, including blocking contactless payment transactions.
“Cybercriminals who compromise networks have the same end goal as those who carry out attacks by way of physical access: to dispense cash,” Trend Micro said in a detailed report on ATM malware released in September 2017.
“However, instead of manually installing malware on ATMs by means of USB or CD, the criminals would not need to go to the machines anymore. They have standby money mules that would pick up the cash and go.”