Author

Topic: [2018-08-09] Ready-to-Use Malware for Bitcoin ATMs Found for Sale Online (Read 183 times)

jr. member
Activity: 38
Merit: 1
My previous reply got deleted. Strange, I was only informing the community but maybe because I posted a link instead of the article itself. The official reply is pasted below...

ZDnet and TrendMicro recently published an article on malware for sale on the dark web claiming to be able to rob Bitcoin ATMs from the cash in the machine.

We researched the malware claim and found the offering to be a scam but because none of the blogs bothered to contact us they are effectively helping the scammer with free advertising, luring would-be thieves into purchasing a non-existant hack. The scam here is that the seller of this 'malware' gets free advertising from otherwise reputable blogs (that apparently do not verify what they publish) and the would-be thieves would never report being ripped off because of the nature of the 'product' sold.

The so-called 'malware' is offered for sale on the dark website named 'Wall St Market'. There are several red flags here:

The 'malware' seller reputation on the dark-market shows they have never sold any malware before and the account was only created in November 2017. The malware vendor has only sold leaked customer data with leaked banks/credit scoring documents or bank accounts established based on those leaked customer details in the past. As such, this is clearly not a developer that has ANY experience in selling hacks or custom code, just identity theft from oldskool financial institutions.

Bitcoin ATMs manufactured by GENERAL BYTES have no functionality that would enable dispensing cash prior successfully receiving cryptocurrency via cryptocurrency network or sending cryptocurrency before successfully accepting cash inside of the machine.

The seller claims "Purchasers of the malware also receive a ready-to-use card that comes with EMV and NFC capabilities". Anyone who has ever used a Bitcoin ATM knows that EMV cards have absolutely nothing to do with Bitcoin ATMs and the NFC functionality is only used to read the destination cryptocurrency address.

The mentioned engineering menu known from regular ATMs doesn't exist on GENERAL BYTES Bitcoin ATMs and any factory test software doesn't contain any functionality which would enable the ATMs to send coins, accept cash or dispense cash. (For obvious security reasons.)

Compared to regular ATMs, security measures on cryptocurrency ATMs are lightyears ahead. Partly achieved by the distributed nature of Bitcoin ATMs. There is no central point to attack the machines or network running them.

There is no such thing as a 'free money admin panel', security audits are performed on a regular basis by the manufacturer and internal source code is subject to peer review and auditing by the white-hat hacker community.

Unlike regular ATMs, there is a close relation between Bitcoin ATM operators and the Cryptocurrency ATM manufacturer and software is updated multiple times per month.

We recommend Trend Micro, ZDnet and other media outlets who write about Bitcoin ATMs to contact us before publishing articles like this. This will help them to get their facts straight and will prevent them from turning into an advertising channel for a scammer. We can give any reporter a complete overview on how Bitcoin ATMs work, what is possible and what is downright nonsense.

We hope to have cleared up this confusion. The article no matter how badly written is being copy-pasted to several news outlets. There is no reason to worry but we felt we had to respond to this.
legendary
Activity: 1512
Merit: 1218
Change is in your hands
You still have to get access to some kind of port to transfer the Malware onto the machine, so how are you going to do that if the access ports are locked up inside the machine? By terminal you mean, some kind of command prompt right? So he hacks into the command prompt and launch a script located on a website to redirect coins to his/her Bitcoin address or to launch the Malware?

Ok, that makes sense, but that would need some pretty good knowledge of the software that are being used on these ATMs.

As per Youtube videos, There are special commands to access the command line/terminal on these ATMs but I believe it isn't that easy tho. There is indeed some sort of social engineering required, you may ask why? ATMs are usually behind strong firewalls and they are only allowed to communicate with a specific server, So even if they get access to the command line/Terminal they won't be able to download the malware. Unless they have discovered a way to bypass Firewalls of these ATMs which I doubt strongly. They are at square one without social Engineering.
legendary
Activity: 3514
Merit: 1963
Leading Crypto Sports Betting & Casino Platform
How will they launch an attack against Bitcoin ATMs? There are no access point on the outside of the device to load any Malware. http://prntscr.com/kh4h75  The only people who would have access to the insides of these devices, would be the owner or the technicians that would do firmware upgrades and repairs.  Roll Eyes

I am glad to see that Trend Micro engineers are reacting proactively, before Malware like this hits these machines.  Wink

Social Engineering must be a big part of using this malware. I don't think it can be installed without some sort of social engineering. Almost all ATM malwares require some sort of social engineering and this shouldn't be any different. I dunno if you know this or not but there is a terminal on every ATM machine. They are probably getting in from there and the rest of the magic is done via malware itself I believe.

You still have to get access to some kind of port to transfer the Malware onto the machine, so how are you going to do that if the access ports are locked up inside the machine? By terminal you mean, some kind of command prompt right? So he hacks into the command prompt and launch a script located on a website to redirect coins to his/her Bitcoin address or to launch the Malware?

Ok, that makes sense, but that would need some pretty good knowledge of the software that are being used on these ATMs.
hero member
Activity: 3010
Merit: 794
How will they launch an attack against Bitcoin ATMs? There are no access point on the outside of the device to load any Malware. http://prntscr.com/kh4h75  The only people who would have access to the insides of these devices, would be the owner or the technicians that would do firmware upgrades and repairs.  Roll Eyes

I am glad to see that Trend Micro engineers are reacting proactively, before Malware like this hits these machines.  Wink

Social Engineering must be a big part of using this malware. I don't think it can be installed without some sort of social engineering. Almost all ATM malwares require some sort of social engineering and this shouldn't be any different. I dunno if you know this or not but there is a terminal on every ATM machine. They are probably getting in from there and the rest of the magic is done via malware itself I believe.
I heard that social engineering stuff related to these atm malwares but for us people who don't have much idea on how this thing works will definitely have that question on mind on how its being done.
Kakmakr said above that its impossible to attack from the outside if we do based up the entire structure of a BTC ATM or any other traditional ATM too which only the owner and the technicians will mostly have the access from the inside.
legendary
Activity: 1512
Merit: 1218
Change is in your hands
How will they launch an attack against Bitcoin ATMs? There are no access point on the outside of the device to load any Malware. http://prntscr.com/kh4h75  The only people who would have access to the insides of these devices, would be the owner or the technicians that would do firmware upgrades and repairs.  Roll Eyes

I am glad to see that Trend Micro engineers are reacting proactively, before Malware like this hits these machines.  Wink

Social Engineering must be a big part of using this malware. I don't think it can be installed without some sort of social engineering. Almost all ATM malwares require some sort of social engineering and this shouldn't be any different. I dunno if you know this or not but there is a terminal on every ATM machine. They are probably getting in from there and the rest of the magic is done via malware itself I believe.
legendary
Activity: 3514
Merit: 1963
Leading Crypto Sports Betting & Casino Platform
How will they launch an attack against Bitcoin ATMs? There are no access point on the outside of the device to load any Malware. http://prntscr.com/kh4h75  The only people who would have access to the insides of these devices, would be the owner or the technicians that would do firmware upgrades and repairs.  Roll Eyes

I am glad to see that Trend Micro engineers are reacting proactively, before Malware like this hits these machines.  Wink

full member
Activity: 448
Merit: 110
I am the least surprised even regular ATMs have their own fair share of criminal activities being perpetrated on them let alone Bitcoin ATM.
member
Activity: 153
Merit: 11
Yes these things are available on the Dark Web and everyone should be careful with it.
sr. member
Activity: 966
Merit: 275
Tokyo-based security software manufacturer Trend Micro has found Bitcoin (BTC) automated teller machine (ATM) malware available for purchase online, according to a blog post published August 7.

In the blog post, Trend Micro cites an advertisement posted by an “apparently established and respected” user on a darknet forum. For the price of $25,000, criminals could purchase Bitcoin ATM malware accompanied by a ready-to-use card with EMV and near-field communication (NFC) capabilities.

See more for yourself, here.
Jump to: