Security researchers have discovered a new piece of malware called Backdoor.ATM.Suceful that infects ATMs and can steal your baking details.
Discovered by security firm FireEye Labs, the malware directly targets card-holders rather than duping banks. The virus can run on multiple types of ATM, including those made by Diebold and NRC, and is claimed to provide a powerful range of worrying features. In particular, FireLab points out that the software can read data from the swipe strip and chip of a card, grab the encrypted PIN, suppress ATM sensors to avoid detection and retain the user’s card within the machine. Fairly comprehensive, then.
FireEye identified the malware after it was uploaded to the online tool VirusTotal. Timestamped with a creation date of August 25 2015, the researchers speculate that the malware may still be in the development stage. Indeed, Backdoor.ATM.Suceful has yet to be observed in the wild. But given its features in combination have “never seen before in ATM malware” it might not be too long before it creeps into cash machines — in Russia or further afield.
While it’s impossible to ascertain whether an ATM is affected with malware by simply looking at it, the advice of FireLab is to “keep the contact number for your bank in your phone and call it while keeping eyes on the ATM” if your card is retained. And if you ever notice anything suspicious at an ATM, don’t use it — just walk away.
Image by Catatronic under Creative Commons license