New ATM malware has hit the streets and it’s called Suceful. This new malware seems to have been created in August 2015, and it is unclear if it is still under development or has already been actively deployed. Security firm FireEye, which is now researching Suceful, discovered it on VirusTotal, a website used to analyze users’ files for viruses. FireEye believes that Suceful is not currently in use. The malware was in a file uploaded by a user in Russia, and FireEye says its capabilities are impressive.
According to the security firm, Suceful is capable of reading data from the payment card’s magnetic stripe and chip, and disabling ATM sensors. The malware, which attackers can control from the ATM’s PIN pad, also includes a feature that hasn’t been seen in other such threats: it can retain and eject inserted cards to allow fraudsters to physically steal them.
The malware communicates with the ATM hardware via XFS, a standard that provides a client-server architecture for devices used in the financial industry, such as ATMs and electronic payment systems.
The most interesting part of this malware is that the attackers can instruct the ATM to keep the card inside the machine. Once the victim walks away, the attacker can go to the machine and key in a code to retrieve the card. They then have physical possession of the card along with the PIN already lifted by the software.
The convergence of banking channels continues unabated, creating new opportunities for malevolent acts by fraudsters in a variety of ways. And with the close association of debit and credit cards and ATMs and POS payment systems, fraudsters are figuring out different ways to exploit both the underlying channels systems and, in some cases, the devices connecting these systems. This is why financial institutions and their partners need to be vigilant and thoroughly understand their channels infrastructure.
Overview by Ed O’Brien, Director, Banking Channels Advisory Service at Mercator Advisory Group