A new type of malware, called EU ATM Malware, has recently been discovered targeting automated teller machines (ATMs) across Europe. The malware is an astonishing 99% effective, an unprecedented achievement in the field of cybersecurity.
Olga Osipova, senior application security specialist at Kaspersky, explains that the EU ATM malware can infect ATMs from different manufacturers with the same efficiency, allowing up to $30,000 to be withdrawn from a single ATM.
It is also sold in subscription and trial versions, which indicates a well-organized criminal group behind its development, and its operating methods can be modified to suit different targets and attack conditions.
ATM attacks are highly profitable because they provide direct access to physical cash. The malware and specialized hardware for these attacks are often found on the dark web, leading to waves of attacks on banks in many countries. Historically, malware such as Tyupkin, Cutlet Maker, Skimer, and methods such as Black Box were common in 2015 and 2016.
The EU ATM malware is believed to be cross-platform, possibly based on the XFS standard, which provides a common API for managing internal ATM modules, regardless of manufacturer.
Over many years of ATM security analysis, a series of tools have been developed to test the possibility of withdrawing money from ATMs. The first version was written more than 10 years ago, when most ATMs were still running Windows XP. This tool, with some minor modifications, continues to work on the latest versions of the operating system, regardless of the platform (NCR, Diebold, GRG, Hyosung, etc.).
The malware takes advantage of vulnerabilities in the XFS standard, allowing cybercriminals to completely empty ATMs. The EU ATM malware is 99% effective on European ATMs and 60% effective in other countries, suggesting a design aimed specifically at European devices. However, this does not mean that ATMs outside Europe are safe, as methods of attacking the devices also pose a constant threat.