Crooks Have Started Rooting ATMs to Steal Cash

We may earn a commission from links on this page.

As if we don't already have it bad with ATM skimmers, criminals have now started going a step further. New reports suggest that ATMs are increasingly being rooted so that crooks can take complete control of cash points and easily steal funds.

Security firms Kaspersky and Interpol have announced that criminals have begun to install malware referred to as Tyupkin on ATMs. It allows a ringleader to generate codes that change on a rolling basis, which are provided to 'money mules' who can use them to withdraw cash whenever they have physical access. The hack allows the thieves to check how much money lies in the ATM and then dispense up to 40 bills at a time.


So far, 50 machines have been found to be affected across Europe and Russia—but there's no telling right now how far the trend has spread. Vicente Diaz, principal security researcher at Kaspersky Lab, has explained to Ars Technica:

"Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software. Now we are seeing the natural evolution of this threat with cyber-criminals moving up the chain and targeting financial institutions directly.

"The malicious operator receives instructions by phone from another member of the gang who knows the algorithm and is able to generate a session key based on the number shown. This ensures that the mules collecting the cash do not try to go it alone."


While details of exactly how the attacks work have been withheld, it's worth noting that, unlike skimmers and other hacks that target your account, this malware simply allows criminals to pull cash right out of the machine. That's little comfort to the banks, though, and it perhaps shouldn't be to us.

Ultimately what this reveals is that criminals are getting increasingly smart when it comes to hacking ATMs—and we should all try and be as careful as possible. The advice, as ever, remains the same: if anything ever looks suspicious at an ATM, don't use it. [Kapersky via Ars Technica]


Top image by Catatronic under Creative Commons license