Hackers have been using a new ATM malware, dubbed ATMii, to hack cash machines into dispensing all their stored cash. The malware, which was uncovered by security experts in April, only targets ATM machines running Windows 7 and Windows Vista.
Since most ATM machines run on Windows XP, it is peculiar for ATMii to target machines running Windows 7 and Vista. However, this aspect of the malware indicates that it was likely designed specifically to limit the scale of attacks. Security experts say the malware is straightforward and contains only two modules.
According to security experts at Kaspersky Lab, who uncovered the malware, ATMii allows hackers to scan machines to determine the amount of cash stored at any given time and manipulate the infected ATMs to dispense specific amounts of money. The malware also contains a “die” command that makes it delete a configuration file.
It is still unclear how many international banks were targeted by ATMii. It is also unknown how much money the malware’s operators successfully stole from ATMs.
IBTimes UK has reached out to Kaspersky for further clarity on the matter and will update this article as and when the company responds.
“ATMii is yet another example of how criminals can use legitimate proprietary libraries and a small piece of code to dispense money from an ATM,” Kaspersky senior developer Konstantin Zykov said in a blog.
“Some appropriate counter-measures against such attacks are default-deny policies and device control. The first measure prevents criminals from running their own code on the ATM’s internal PC, while the second measure will prevent them from connecting new devices, such as USB sticks,” Zykov added.