Hacked: Hacking Finance

Backdoors Affect Bitcoin ATMs and ATMs Alike

Introduction

Justin OConnell

Justin OConnell

Justin O'Connell is the founder of financial technology focused Virtualis.co, a digital media and property boutique overseeing wholly-owned properties like Gold Silver Bitcoin, alongside a portfolio of clients. Justin organized the launch of the largest Bitcoin ATM hardware and software provider in the world at the historical Hotel del Coronado in southern California. His works appear in the U.S.'s third largest weekly, the San Diego Reader, VICE and elsewhere.


LATEST POSTS

Watch This Penny Stock As Mexico Approves Medical Marijuana 07th May, 2017

An Investor’s Guide to Trump’s First 100 Days 03rd May, 2017

Breaches

Backdoors Affect Bitcoin ATMs and ATMs Alike

Posted on .

The Bitcoin ATM, as a relatively new industry, has perhaps not been put to the test like Bitcoin exchanges. This has some criminals worrying if Bitcoin ATMs could be a good place to steal value. 

Criminals all over the world already target regular ATMs, so, perhaps thinking that the amateur-nature of Bitcoin could make such ATMs susceptible, bugs and malware have been designed for a Bitcoin ATM.

Russian security firm malware researchers at a Russian security firm identified a new Trojan designed for Linux devices which takes screenshots and logs keystrokes.

Researchers at the security firm Dr Web suggests that the Linux spyware (labeled Linux.BackDoor.Xunpes.1) was designed to specifically target Bitcoin ATMs made by Spain-based Bitcoin startup Pay MaQ.

Dr Web researchers highlight a “dropper” or installed package of the malware, which activates upon a login page bearing Pay MaQ’s logo. Once the package is run, a backdoor is saved to the folder /tmp/.ltmp/.

The backdoor allows a remote server to connect with encryption and take screenshot and logging keystrokes and then retransmits the resulting data. The malware researchers could not say for certain if Pay MaQ is the only Bitcoin ATM software targeted.

Pay MaQ originally ran an Indiegogo campaign in 2014 to fund “low-cost” Bitcoin ATM’s, but did not meet a  €60,000 target. Why such a bug would be designed for a machine of essentially no consequence.

“The investigation is still ongoing,” Dr Web’s spokesman said. “The C&C server was hosted on some suspicious website which went 403 a few days ago. Maybe victims were downloading malware from there and it got shut down after getting attention from infosec specialists.”

Not only have Bitcoin ATM’s been targeted. Law enforcement authorities in Romania and the Moldova recently neutralized earlier this month a criminal network responsible for the theft of 200,000 euros from ATM’s in the European Union and Russia through a malware bug.

Researchers first documented the malware in October 2014, dubbing it Tyupkin, which can be installed on ATMs through a CD. Using the software, an ATM will dispense cash through commands entered on its PIN pad. The attackers targeted machines made in the US by manufacturer NCR.

The bug instructed the ATM software to delete itself after theft was completed. ATMs in Romania, Moldova, Hungary, Czech Republic,Spain and Russia were targeted. Researchers have also recently found another bug, called Padpin, used to infect ATMs.  But those are not the only ATMs recently compromised.

FireEye, in September, discovered another ATM malware program dubbed Suceful, which locked people’s credit and debit cards inside ATMs. Also in September, another malware program, called GreenDispenser, was found on ATMs in Mexico.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

DON'T MISS OUT

Justin OConnell

Justin OConnell

http://www.virtualis.co

Justin O'Connell is the founder of financial technology focused Virtualis.co, a digital media and property boutique overseeing wholly-owned properties like Gold Silver Bitcoin, alongside a portfolio of clients. Justin organized the launch of the largest Bitcoin ATM hardware and software provider in the world at the historical Hotel del Coronado in southern California. His works appear in the U.S.'s third largest weekly, the San Diego Reader, VICE and elsewhere.

Comments
  • user

    AUTHOR BEN

    Posted on 1:48 am July 19, 2016.

    BE SMART AND BECOME RICH IN LESS THAN 3DAYS… Are you living a poor life,then here is the opportunity you have been waiting for. Get the new ATM BLACK CARD that can hack any ATM MACHINE and withdraw money from any account. You do not require anybody’s account number before you can use it. Although you and I knows that its illegal,there is no risk using it. It has SPECIAL FEATURES, that makes the machine unable to detect this very card,and its transaction is can’t be traced . You can use it anywhere in the world. With this card,reach the hackers via email address :[email protected] or contact with this mobile number:+447031909657.
    BE SMART AND BECOME RICH IN LESS THAN 3DAYS… Are you living a poor life,then here is the opportunity you have been waiting for. Get the new ATM BLACK CARD that can hack any ATM MACHINE and withdraw money from any account. You do not require anybody’s account number before you can use it. Although you and I knows that its illegal,there is no risk using it. It has SPECIAL FEATURES, that makes the machine unable to detect this very card,and its transaction is can’t be traced . You can use it anywhere in the world. With this card,reach the hackers via email address :[email protected] or contact with this mobile number:+447031909657.

  • View Comments (1) ...
    Navigation
    The effects of the Edward Snowden revelations are still felt…