Effective new Trojan skims card info from widely used ATMs
Posted on 18.12.2013
Researchers from Russian AV company Doctor Web have managed to get their hands on a Trojan aimed at recording and collecting card information from one of the most widespread ATM machine types. Unfortunately, they didn't say which one.


"Trojan.Skimer.18 is by no means the first backdoor to infect ATM software, but it is the first to target devices so common throughout the world," the researchers explained its importance.

The Trojan comes in the form of a dynamic link library (DLL) and gets loaded by an infected application. Once having gained a foothold on the machine, it immediately creates a log file that will store the stolen information - Track 2 data (card / account number, expiry date, service code) and PIN codes.

"It is noteworthy that in order to maintain confidentiality, ATM manufacturers employ a special technology that facilitates the encrypted transmission of PIN codes entered into ATMs, and the encryption key is regularly updated from the bank's server," they pointed out, but added that Trojan.Skimer.18 easily bypasses this protection and uses the ATM's software to decrypt PIN codes.

The criminals control the malware via specially designed master cards.

Once inserted into the ATM's card slot, these cards make a Trojan dialogue box pop up and allow criminals to use the ATMs keypad to interact with the malware.

If directed to do so, the Trojan can delete itself or the log file from an infected ATM, restart the machine or change its operation mode, and even update itself by using an app from the master card's chip. The master cards can also "download" the already stolen info after first compressing the file.









Spotlight

Internet Explorer vulnerabilities increase 100%

Posted on 23 July 2014.  |  Bromium Labs research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //