How infected ATMs gave away millions of dollars


What do you need in order to withdraw cash from an ATM? First, you need to have a debit or credit card, which acts as a key to your bank account. Second, you must know the PIN code associated with the card; otherwise, the bank wouldn't approve the transaction. Finally, you need to have some money in your account that you can withdraw. However, hackers do things differently: they don't need cards, PIN codes or bank accounts to get money. In reality, all they need is an ATM with some cash in it and a special piece of software.

Earlier this year, at the request of a financial institution, Kaspersky experts performed a forensic investigation into a cyber-criminal attack that targeted multiple ATMs in Eastern Europe. What they discovered was quite impressive. Imagine this: a guy comes to an ATM, enters a code on the PIN pad and almost instantly gets 40 banknotes, and then does it again and again. How can this be possible? Our experts say it's all about a trojan called Tyupkin, which infects the PC inside the ATM and forces it to dispense banknotes when prompted by a special code.

As the investigation showed, criminals were somehow able to physically access the ATMs so that they could install the malware via a bootable CD on the embedded Windows machine. The trojan that was used had complex abilities. First, when activated inside the ATM, it had the ability to turn off the McAfee Solidcore security software so that it could do its job with ease.

Second, to avoid accidental detection, the Tyupkin trojan had the ability to stay in standby mode for an entire week and activate only on Sunday and Monday nights. Third, it had the ability to disable the local network in case of an emergency, so that the bank could not remotely connect to the ATM to check on what was happening with it.
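The three behaviours described above (dispensing cash with no card transaction, stopping the security agent, and dropping off the bank's network, all concentrated on Sunday and Monday nights) are exactly the signals a bank's monitoring should key on. The following script is an added example, not Kaspersky's code or anything recovered from the investigation: it runs a simple detector over constructed ATM event logs. The log format, the event names (`CARD_TXN_APPROVED`, `DISPENSE`, `SERVICE_STOPPED`, `NETWORK_DOWN`), the 30-second transaction-to-dispense limit and the 22:00 to 05:59 definition of "night" are all assumptions made for the example.

```python
from datetime import datetime, timedelta
from dataclasses import dataclass

# Constructed sample log, not real ATM telemetry. One event per line:
# <ISO timestamp> <ATM id> <event type> <detail>
# 2014-09-14 is a Sunday; ATM-017 shows the pattern described in the article.
SAMPLE_EVENTS = """\
2014-09-14T23:05:00 ATM-017 SERVICE_STOPPED McAfee Solidcore
2014-09-14T23:06:10 ATM-017 DISPENSE 40
2014-09-14T23:09:30 ATM-017 DISPENSE 40
2014-09-14T23:12:00 ATM-017 NETWORK_DOWN -
2014-09-15T09:15:00 ATM-022 CARD_TXN_APPROVED 8
2014-09-15T09:15:05 ATM-022 DISPENSE 8
2014-09-16T14:00:00 ATM-022 SERVICE_STOPPED print-spooler
2014-09-16T14:01:00 ATM-022 NETWORK_DOWN -
"""

AV_PRODUCT = "solidcore"                   # assumed: substring naming the security agent
MAX_DISPENSE_LAG = timedelta(seconds=30)   # assumed: a dispense must follow an approval within 30 s


@dataclass
class Event:
    ts: datetime
    atm: str
    kind: str
    detail: str


def parse(log_text):
    """Parse the assumed four-field log format into Event records."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, atm, kind, detail = line.split(maxsplit=3)
        events.append(Event(datetime.fromisoformat(ts), atm, kind, detail))
    return events


def in_dormancy_window(ts):
    """True on Sunday or Monday nights, the only time the article says the
    trojan wakes up. 'Night' is assumed to be 22:00 through 05:59."""
    if isinstance(ts, str):
        ts = datetime.fromisoformat(ts)
    wd = ts.weekday()            # Monday = 0 ... Sunday = 6
    if ts.hour >= 22:
        return wd in (6, 0)      # Sunday or Monday evening
    if ts.hour < 6:
        return wd in (0, 1)      # small hours of Monday or Tuesday
    return False


def detect(log_text):
    """Return (atm, timestamp, severity, reason) tuples for suspicious events.

    A dispense is only legitimate if an approved card transaction on the same
    ATM preceded it within MAX_DISPENSE_LAG; each approval covers one dispense,
    so repeated payouts after a single approval are flagged too.
    """
    alerts = []
    pending_approval = {}   # atm -> timestamp of an approval not yet consumed by a dispense
    for ev in sorted(parse(log_text), key=lambda e: e.ts):
        if ev.kind == "CARD_TXN_APPROVED":
            pending_approval[ev.atm] = ev.ts
            continue
        reason = None
        if ev.kind == "DISPENSE":
            approved = pending_approval.pop(ev.atm, None)
            if approved is None or ev.ts - approved > MAX_DISPENSE_LAG:
                reason = "cash dispensed without an approved card transaction"
        elif ev.kind == "SERVICE_STOPPED" and AV_PRODUCT in ev.detail.lower():
            reason = "security agent stopped"
        elif ev.kind == "NETWORK_DOWN":
            reason = "ATM dropped off the bank network"
        if reason:
            # Anything happening in the trojan's known active window is escalated.
            severity = "high" if in_dormancy_window(ev.ts) else "medium"
            alerts.append((ev.atm, ev.ts.isoformat(), severity, reason))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(*alert)
```

On the sample log the detector raises four high-severity alerts for ATM-017 (agent stopped, two unauthorised dispenses, network loss, all on a Sunday night) and one medium alert for ATM-022's Tuesday afternoon network drop; the approved 8-note withdrawal and the unrelated service stop on ATM-022 are left alone. In practice the time-window rule is only a prioritiser: the dispense-without-transaction check is the one that matters regardless of the day.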