In 2009, malware called “Skimer” surfaced and security firms took notice. Skimer is essentially malware that gives hackers full access to an ATM without needing to install any physical hardware, like a card skimmer. According to a new investigation by Kaspersky Lab, the malware is not only still in use, but it’s also become more powerful.
Kaspersky discovered the latest version of Skimer this month after investigating a break-in at a bank. While the bank found no evidence that it had been attacked, the security firm found that a new version of Skimer had been used and featured improvements that make it harder to detect. This is very scary, because the Russian-based software makes it relatively easy for hackers to take complete control of any ATM.
The hackers begin by installing a file called Backdoor.Win32.Skimer, malware that hides in the ATM code waiting for the hacker to open it with a particular card. Kaspersky explains what happens next:
The Skimer’s graphic interface appears on the display only after the card is ejected and if the criminal inserts the right session key from the pin pad into a special form in less than 60 seconds.
With the help of this menu, the criminal can activate 21 different commands, such as dispensing money (40 bills from the specified cassette), collecting details of inserted cards, self-deleting, updating (from the updated malware code embedded on the card’s chip), etc. Also, when collecting card details, Skimer can save the file with dumps and PINs on the chip of the same card, or it can print the card details it has collected onto the ATM’s receipts.
Traditional skimmers are simply devices that can intercept a transaction, logging your data in the process. At ATMs, they can record your credit card numbers, and with the help of additional tech such as cameras or keypad overlays, can log your PIN codes as well. If you know where to look, you can find out if the ATM has been tampered with, although the hardware has become increasingly sophisticated.