ATMs Raided With Ploutus as Windows XP Zero Day Approaches

Mar 31, 2014 By Sharon Solomon

Windows XP will be officially discontinued on 8 April, but the legend platform is far from becoming extinct. 95% of the world’s ATMs are still powered by the 12-year old operating system, opening the door for Ploutus attacks. More and more hackers are using SMS messages to steal money.

As informed in our previous Windows XP Update, there are worrying amounts of businesses and workplaces still using the expiring platform. Surprisingly, such outdated systems and networks are not exclusive to poor countries.

The biggest problems are expected in the banking industry, with thousands of ATMs still using Windows XP. Upgrading the systems to newer software is going to be a long and costly process. Cybercriminals are already exploiting this issue.

Superpowers like JPMorgan have already paid Microsoft for extended customer service, but most Windows XP running bodies don’t have the financial muscle to afford such lavish arrangements. Their ATMs will soon be running on unpatched software that cannot deal with the ever-evolving malware such as the latest Ploutus Trojan.

The new-gen Ploutus malware is a very capable and potent ATM hacking weapon.

ATMs are contaminated by connecting mobile phones to the internals of the ATM, USB tethering being the most common way to get it done. The first text message activates the Backdoor.Ploutus.B (a new generation Ploutus variant) malware loaded on the phone, enabling the hacker to remotely communicate with the machines.

The hacker then starts sending numerical command messages to the phone, which Ploutus converts into network packets and injects into the contaminated machine. The malware also has a built in sniffer (NPM) to monitor all traffic inside the ATM, enabling the detection of numbers to construct legal commands for quick cash withdrawal.

To make matters worse, the phone connected illegally to the ATM never loses charge as it is constantly powered by the USB cable. Unlike earlier versions of the malware, the latest version is quick and doesn’t require the money fetcher to hang around the ATM for long periods. These robberies can go on for weeks or months without being detected.

CISOs and Banking Security executives need to take the following steps immediately:

  • Upgrade the ATMs and systems to supported Windows 7/8 or Linux.
  • Allocate more resources to physical security/surveillance around the machines.
  • Lock down the BIOS to prevent unauthorized criminal booting of the computer.
  • Employ full disc encryption to prevent disc tampering.

Besides these mandatory steps, the security executives should install only secure proprietary software on their systems. It must be made sure that these personalized applications are developed in a secure SDLC. Source Code Analysis (SCA) is a great way to ensure that software is produced with minimal vulnerabilities and loopholes.

Source – Texting ATMs for Cash

The following two tabs change content below.

Sharon Solomon

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.