A group of cybercriminals has developed a system to rob ATMs by sending an SMS that activates malware inside the machine so that it spits out bills, the firm Symantec reported.
The attack is based on the Ploutus malware, which was detected in ATMs in Mexico. This malware takes advantage of a vulnerability in Windows XP, which runs on 95% of the world's ATMs.
To load Ploutus onto an ATM, attackers need access to the CD-ROM drive or a USB port, something they have previously gained by breaking the locks or simply drilling holes in the casing to reach the computer and then covering the holes up.
In this modified version, a mobile phone must be connected to the ATM using USB tethering, which sets up a shared internet connection between the machine and the mobile device and also keeps the phone charged. The criminals then send commands via SMS to the phone connected to the ATM, activating the Ploutus malware. Once activated, the ATM instantly spits out the amount of money previously configured in the malware.
Criminals operating this way use several people who go to withdraw the money ordered via SMS, with no need to learn numerical codes or anything special. This type of robbery does not involve card cloning or accessing people's accounts, but it does affect the banks' funds.
Symantec has indicated several measures to stop this type of attack, although the most effective one would be to update the operating system.