Hackers Could Use ATM Malware To Steal Debit & Credit Cards
by September 15, 2015 3:21 pm0
New ATM malware has hit the streets and it’s called Suceful. This new malware seems to have been created in August 2015, and it is unclear if it is still under development or has already been actively deployed. Security firm FireEye is researching Suceful now and discovered it on the website VirusTotal, used to analyze users files for viruses. They do believe that Suceful is not currently in use. The malware was in a file uploaded by a user in Russia and FireEye says its capabilities are impressive.
According to the security firm, Suceful is capable of reading data from the payment card’s magnetic stripe and chip, and disabling ATM sensors. The malware, which attackers can control from the ATM’s PIN pad, also includes a feature that hasn’t been seen at other such threats: it can retain and eject inserted cards to allow fraudsters to physically steal them.
The malware communicates with the ATM hardware via XFS, a standard that provides a client-server architecture for devices used in the financial industry, such as ATMs and electronic payment systems.
The most interesting part of this malware is the attackers can instruct the ATM to keep the card inside the machine. Once the victim walks away the attacker can go to the machine and key in a code to retrieve the card and they then have physical possession of the card along with the pin number already lifted by the software.
The convergence of banking channels continues unabated, creating new opportunities for malevolent acts by fraudsters in a variety of ways. And with the close association of debit and credit cards and ATMs and POS payment systems, fraudsters are figuring out different ways to exploit both the underlying channels systems, and in some cases, the devices connecting these systems. This is why financial institutions and their partners need to be vigilant and thoroughly understand their channels infrastructure.
Overview by Ed O’Brien, Director, Banking Channels Advisory Service at Mercator Advisory Group
Read the full story here
Related posts
Mercator Overviews / by - May 25, 2018 1:14 pm
WSJ Identifies 271 ICOs Likely to be Fraudulent – So Trust Can’t Be Created Out of Thin Air!
The common lie about blockchain is that it establishes trust between participants, but this Wall Street Journal article proves that to be incorrect: “In a review of documents produced for…
Mercator Overviews / by - May 25, 2018 12:14 pm
Merchants Once Again Take Their Fight Against Mastercard & Visa to Federal Regulators
This article in the Wall Street Journal indicates that plans by Mastercard and Visa to combine their online payment buttons have made merchants so angry they are contacting federal regulators:…
Mercator Overviews / by - May 25, 2018 11:05 am
Co-branded Credit Cards: What’s Not to Like (Except the Interest)
The first credit card I got was Macy’s in 1977. The plastic was a source of pride and I still remember the full account number by heart. The account number…
Mercator Overviews / by - May 24, 2018 2:05 pm
Credit Karma: Millennial Kismet or Creditor’s Dream
Here is an interesting article in Forbes on credit card aggregators, the sites that offer credit card applications for major banks. It is likely that you may have tried one…