ATM Malware and Skimmers


ATM skimming hardware has been commonplace for a long time, and for the eagle-eyed individual it can be fairly easy to spot. But you can’t spot something inside the machine itself.

You are probably aware of, or even might have spotted, the traditional physical ATM skimmers of yore.

They often consisted of a piece over the card slot to read the chip, combined with either a small camera or false number pad to capture your PIN. Crude, but often effective, and the more compact versions could be nigh undetectable to the untrained eye.

Now cybercriminals are resorting to much more insidious means: infecting an ATM with malware. This means they can still steal your card info while the outside of the ATM remains unchanged.


Infected ATMs


From the cybercriminal’s point of view, the first problem is access. How do you install malware on an ATM in the first place?

Mark James, ESET security specialist, explains that “there are a couple of methods that could be used, either by direct connection from inside the building using a USB device by an employee or someone purporting to be an agent working on behalf of the vendor with some form of validation either socially engineered or forged.

“It’s not that hard to protect against; as usual it’s down to practicality and resources. In theory anyone wishing access to these devices should have some form of verifiable ID that can be cross-referenced at head office verbally and also a backup form of two-factor authentication originating from the actual device for any work carried out on premise. One could be overcome but both would be very hard.”


More and more sophisticated


Skimming technology seems to be getting more complicated and certainly more sophisticated.

Recently security pro Brian Krebs went on an adventure in Mexico tracking a Bluetooth skimmer that is placed inside the ATM itself. The captured data can then be pulled from the device via a smartphone.

Mark explains that “we are certainly seeing malware getting much more sophisticated. It’s relatively easy to write some piece of code to target a wide range of software and hardware but your results have a large degree of luck, plus a better chance of getting detected by generic malware detection routines.

“Once you whittle down your targets and concentrate on a specific sector then you have a better chance of tweaking the code to get it right, thus only getting the info you require.

“It would be good to see ATM machines with emergency numbers hard printed on the front for immediate use if there are any problems.

“This would work in two ways, if your card gets stuck for any reason (nefarious or otherwise) then you can immediately call them for help but also if the number has been covered up then it may be an indication that the unit has been tampered with.”

Have you ever been the victim of an ATM skimmer? Or spotted one?
