Report: Ready-to-Use Malware for Bitcoin ATMs Found for Sale Online

Published at: Aug. 9, 2018

Tokyo-based security software manufacturer Trend Micro has found Bitcoin (BTC) automated teller machine (ATM) malware available for purchase online, according to a blog post published August 7.

In the blog post, Trend Micro cites an advertisement posted by an “apparently established and respected” user on a darknet forum. For the price of $25,000, criminals could purchase Bitcoin ATM malware accompanied by a ready-to-use card with EMV and near-field communication (NFC) capabilities.

EMV chips were originally developed by leading credit card providers to store data on integrated circuits rather than magnetic stripes, while NFC enables two electronic devices to wirelessly exchange information.

The malicious software reportedly exploits a Bitcoin ATM vulnerability, which allows fraudsters to receive the BTC equivalent of up to 6,750 U.S. dollars, euros, or pounds. According to Trend Micro, the seller has received over 100 online reviews both for the malware and other products.

Another forum thread showed that the seller also offers regular ATM malware that has been updated for EMV standards. Further research reportedly revealed that the malware exploits a menu vulnerability to disconnect an ATM from the network in order to disable alarms. In conclusion, Trend Micro suggested:

“As long as there is money to be made — and there is quite a bit of money in cryptocurrencies — cybercriminals will continue to devise tools and to expand to lucrative new ‘markets.’ As the number of Bitcoin ATMs grows, we can expect to see more forms of  malware targeting cryptocurrency ATMs in the future.”

Another recent study conducted by cybersecurity company Duo Security revealed a network of thousands of crypto-related scam bots on Twitter, advertising fake “giveaways.” The project involved 88 million Twitter accounts, with researchers using machine learning techniques to train a bot classifier. The classifier unearthed 15,000 bots spreading fake competitions and impersonating some of the cryptocurrency industry’s best-known figures and businesses.

In July, Valve Corporation removed a game from its Steam video game marketplace that allegedly hijacked users’ computers to mine Monero. Steam took action following complaints from a number of users who said that the game setup file seemed to include a Trojan virus and malware disguised as steam.exe processes and launcher.

Tags
Atm
Related Posts
Crypto Scammers Turn Toward Terrorism With a Japanese Bomb Threat
Crypto terrorists threatened to bomb a government office on the Japanese island of Hokkaido. They told authorities that they would only disable the alleged explosive device if their crypto ransom was paid. According to FNN, the terrorists sent the Numata Town Hall an email stating they had installed a bomb in a women’s second-floor toilet. They claimed that as long as officials met their payment demands before 03:00 UTC on June 29, the bomb would not be detonated. However, this appears to have been a fake threat. The deadline set by the criminals has passed and the hall remains intact …
Bitcoin / July 29, 2020
Researchers Detect Ambitious Bitcoin Mining Malware Campaign Targeting 1,000s Daily
Cybersecurity researchers have identified a persistent and ambitious campaign that targets thousands of Docker servers daily with a Bitcoin (BTC) miner. In a report published on April 3, Aqua Security issued a threat alert over the attack, which has ostensibly “been going on for months, with thousands of attempts taking place nearly on a daily basis.” The researchers warn: “These are the highest numbers we’ve seen in some time, far exceeding what we have witnessed to date.” Such scope and ambition indicate that the illicit Bitcoin mining campaign is unlikely to be “an improvised endeavor,” as the actors behind it …
Technology / April 6, 2020
Riviera Beach City Council Agrees to Pay $600,000 in BTC to Ransomware Attackers
The city council of Riviera Beach, Florida has agreed to pay nearly $600,000 worth of Bitcoin (BTC) to regain access to data encrypted in a hacker attack, the New York Times reported on June 19. On May 29, the city experienced “a data security event” when a police department employee opened an allegedly infected email attachment, which eventually resulted in the online system breakdown. The hackers allegedly encrypted government records, blocking access to critical information and leaving the city without an ability to accept utility payments other than in person or by regular mail. A city spokeswoman, Rose Anne Brown …
Bitcoin / June 20, 2019
Consumer-Targeted Cryptojacking Is ‘Essentially Extinct’: Research
Illicit crypto mining — or cryptojacking — against consumers “is essentially extinct,” declares a report released by cybersecurity company MalwareBytes on April 23. Per the report, after in-browser mining service CoinHive shut down in early March — when the team claimed that the project had become economically inviable — cryptojacking against consumers has sharply decreased. At the same time, the number of such attacks targeting businesses increased from the last quarter. Furthermore, MalwareBytes also notes that bitcoin (BTC) holders who use Electrum wallets on a Mac have lost over $2.3 million in stolen coins to a Trojanized version of the …
Bitcoin / April 27, 2019
Malwarebytes' Cybercrime Q2 2018 Report: Cryptojacking is Plateauing in Response to Markets
Interest in cryptojacking is potentially waning among cybercriminals in response to lower cryptocurrency market valuations, according to a report from MalwareBytes Labs released July 17. Cryptojacking is the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. The data and analysis laid out in Malwarebytes Labs’ “Cybercrime Tactics and Techniques: Q2 2018” report shows that while cryptojacking remains popular, decreases in detections of the activity across the board suggest that the trend may be beginning to decline: “We are not certain which [cybercrime] threat is going to take over as the top …
Bitcoin / July 18, 2018