A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023.
“The ATM malware is hidden inside another not-malicious-looking program,” Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News.
Besides requiring interaction via an external keyboard, the Windows-based ATM malware is also vendor-agnostic and is capable of infecting any teller machine that supports CEN/XFS (short for eXtensions for Financial Services).
The exact mode of compromise remains unknown, but Metabase Q’s Dan Regalado told The Hacker News that it is likely that “attackers found a way to interact with the ATM via touchscreen.”
FiXS is also said to be similar to another strain of ATM malware codenamed Ploutus, which has enabled cybercriminals to extract cash from ATMs by using an external keyboard or by sending an SMS message.
One of the notable characteristics of FiXS is its ability to dispense money 30 minutes after the last ATM reboot by leveraging the Windows GetTickCount API.
The sample analyzed by Metabase Q is delivered via a dropper known as Neshta (conhost.exe), a file infector virus that is coded in Delphi and was first observed in 2003.
“FiXS is implemented with the CEN XFS APIs which helps to run mostly on every Windows-based ATM with minor adjustments, similar to other malware like RIPPER,” the cybersecurity company said. “The way FiXS interacts with the criminal is via an external keyboard.”
With this development, FiXS becomes the latest in a long list of malware such as Ploutus, Prilex, SUCEFUL, GreenDispenser, RIPPER, Alice, ATMitch, Skimer, and ATMii that have targeted ATMs to siphon money.
Prilex has since also evolved into a modular point-of-sale (PoS) malware that carries out credit card fraud through a variety of methods, including blocking contactless payment transactions.
“Cybercriminals who compromise networks have the same end goal as those who carry out attacks via physical access: to dispense cash,” Trend Micro said in a detailed report on ATM malware published in September 2017.
“However, instead of manually installing malware on ATMs through USB or CD, the criminals would not need to go to the machines anymore. They have standby money mules that would pick up the cash and go.”
Some parts of this article are sourced from:
thehackernews.com