FASTCash: How Rejected Transactions Turn into Real Money

Man

A weakness in Linux-based payment gateways makes ATMs easy prey.

In recent months, researchers at the doubleagent blog have documented a new variant of the FASTCash malware. It targets Linux and is attributed to hacker groups from North Korea.

The malware is used to compromise bank payment networks so that cash can be withdrawn from ATMs illegitimately. FASTCash intercepts and modifies transaction messages as they pass through the payment gateway (the switch), so that withdrawal requests which should have been declined are approved instead.

Previously known versions of FASTCash ran on IBM AIX and Windows. The new variant, the researchers found, was built for Ubuntu 20.04. It intercepts responses that decline a transaction and rewrites them as approvals, inserting a randomly chosen amount in Turkish lira.

Analysis showed that the Linux variant shares most of its mechanics with the earlier Windows version, with some differences. Its core function is to manipulate the ISO 8583 messages used to process card transactions. Like the Windows version, it works with Turkish currency and alters specific data elements of the message to falsify the transaction.

Notably, the malware does not need a software bug to succeed: it relies on payment gateways that have no mechanism for verifying the integrity of the messages they relay, so its modifications go unnoticed. When a response declines a withdrawal for insufficient funds, FASTCash replaces it with a fabricated approval for an arbitrary amount.

The researchers also noted artifacts in the Linux binary indicating that it was built on a VMware virtual machine. The malware is injected into a running process on the payment switch using the ptrace system call, which makes it hard to detect unless the Linux servers are configured with appropriate security settings.
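The ptrace injection above leaves traces that a defender can look for on the switch host. The following is an added example for this post, not the researchers' tooling: it parses a constructed /proc/PID/maps excerpt for executable mappings that are not backed by a library in an allow-listed directory (memfd-backed or deleted files, objects loaded from /tmp), reads TracerPid from /proc/PID/status, and interprets the kernel.yama.ptrace_scope sysctl. The allow-list, the daemon name switchd and all /proc contents are assumptions.

```python
"""Heuristic check for a shared object injected into a live process via ptrace,
plus a look at the Yama ptrace_scope sysctl.  Added example for this post, not
the researchers' tooling; the /proc text below is constructed, not captured."""
import os

# Assumed allow-list: where legitimately loaded libraries live on this host.
TRUSTED_PREFIXES = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", "/opt/switch/")


def suspicious_mappings(maps_text, exe_path):
    """Return (path, reason) for executable mappings that are not the main
    binary and are not backed by a library under an allow-listed directory.
    A ptrace-injected object typically shows up as a memfd: or deleted file,
    or as a .so loaded from a scratch directory."""
    findings = []
    for line in maps_text.splitlines():
        parts = line.split(maxsplit=5)
        if len(parts) < 6:          # anonymous mapping, no path column
            continue
        perms, path = parts[1], parts[5]
        if "x" not in perms or path.startswith("[") or path == exe_path:
            continue
        if "(deleted)" in path or path.startswith(("/memfd:", "/tmp/", "/dev/shm/")):
            findings.append((path, "executable code without a normal on-disk file"))
        elif not path.startswith(TRUSTED_PREFIXES):
            findings.append((path, "library outside allow-listed directories"))
    return findings


def tracer_pid(status_text):
    """TracerPid from /proc/<pid>/status; non-zero only while a tracer is
    attached, so this catches an injection in progress, not a finished one."""
    for line in status_text.splitlines():
        if line.startswith("TracerPid:"):
            return int(line.split()[1])
    return 0


def ptrace_scope_blocks_attach(sysctl_value):
    """kernel.yama.ptrace_scope: 0 lets any same-uid process attach, 1 lets a
    process attach only to its own descendants (Ubuntu's default), 2 requires
    CAP_SYS_PTRACE, 3 disables attach entirely.  Anything >= 1 stops an
    unprivileged process attaching to an unrelated switch process; a root
    attacker with CAP_SYS_PTRACE still bypasses 1 and 2."""
    return int(str(sysctl_value).strip()) >= 1


def scan_process(pid):
    """Live check of one process (needs Linux and permission to read /proc)."""
    exe = os.readlink(f"/proc/{pid}/exe")
    with open(f"/proc/{pid}/maps") as f:
        return suspicious_mappings(f.read(), exe)


# Constructed /proc/<pid>/maps excerpt for a hypothetical switch daemon.
SAMPLE_MAPS = """\
55d1c0a00000-55d1c0a1a000 r-xp 00000000 fd:01 1311 /opt/switch/bin/switchd
7f3a1c000000-7f3a1c1b0000 r-xp 00000000 fd:01 2231 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c200000-7f3a1c230000 rw-p 00000000 00:00 0
7f3a1c600000-7f3a1c60c000 r-xp 00000000 00:01 9912 /memfd:payload (deleted)
7f3a1c800000-7f3a1c809000 r-xp 00000000 fd:01 8811 /tmp/.x/libinj.so
7ffd2a300000-7ffd2a321000 r-xp 00000000 00:00 0 [vdso]
"""
SAMPLE_STATUS = "Name:\tswitchd\nTracerPid:\t0\n"


def demo():
    """Run the mapping check over the constructed sample."""
    return suspicious_mappings(SAMPLE_MAPS, "/opt/switch/bin/switchd")
```

Run demo() against the sample and it flags the memfd object and the library under /tmp while passing libc and the daemon itself; scan_process(pid) applies the same check to a real process. Treat a hit as a lead, not proof: a legitimate JIT or a vendor library in an unusual directory also triggers it, and a ptrace_scope of 1 only raises the bar for an attacker who does not already have root.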

Although the Linux variant has fewer features than the Windows version, it still poses a serious threat to financial institutions. Its purpose is to spoof the responses to withdrawal transactions initiated at ATMs and POS terminals, letting the attackers cash out large sums.

To prevent such attacks, experts advise authenticating the messages exchanged between issuer and switch, using stronger card security such as chip-and-PIN for debit cards, and cryptographically verifying (for example with a MAC) the responses returned to withdrawal requests, so that a response altered in transit is rejected rather than acted on.
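The manipulation described above and the countermeasure recommended here come down to one thing: whether the switch can tell that a response was altered after the issuer produced it. The following is an added example for this post, not FASTCash code and not any real gateway's implementation. It encodes and decodes a small subset of ISO 8583, replicates the rewrite of a declined response into an approval for a random Turkish lira amount, and shows that a MAC carried in the message (here DE 64) catches the change. The field table, the HMAC-SHA256 MAC, the shared key and the 12,000 to 30,000 lira range are all assumptions for the demo.

```python
"""Minimal ISO 8583 encode/decode with a message authentication code (MAC).
Added example for this post, not the malware's code nor a real gateway's code.
Field subset, HMAC-SHA256 MAC in DE 64 and the shared key are assumptions."""
import hashlib
import hmac
import secrets

# Assumed subset of data elements: field number -> (length type, length).
# "fixed" is a fixed-length field, "llvar" carries a two-digit length prefix.
FIELDS = {
    2:  ("llvar", 19),   # primary account number (PAN)
    3:  ("fixed", 6),    # processing code
    4:  ("fixed", 12),   # amount in minor units (kurus for TRY)
    11: ("fixed", 6),    # system trace audit number
    39: ("fixed", 2),    # response code: "00" approved, "51" insufficient funds
    49: ("fixed", 3),    # currency code, "949" is Turkish lira
    64: ("fixed", 16),   # MAC, 8 bytes as hex
}

def build_bitmap(field_nos):
    """Primary bitmap: bit 1 is the most significant bit of the 64-bit value."""
    bits = 0
    for n in field_nos:
        bits |= 1 << (64 - n)
    return f"{bits:016X}"

def encode(mti, fields):
    """Serialise {field_no: str} into MTI + bitmap + fields in field order."""
    out = [mti, build_bitmap(fields)]
    for n in sorted(fields):
        kind, length = FIELDS[n]
        value = fields[n]
        if kind == "fixed":
            if len(value) != length:
                raise ValueError(f"DE{n} must be exactly {length} characters")
            out.append(value)
        else:
            if len(value) > length:
                raise ValueError(f"DE{n} exceeds {length} characters")
            out.append(f"{len(value):02d}{value}")
    return "".join(out)

def decode(msg):
    """Parse a message produced by encode(); returns (mti, {field_no: str})."""
    mti, bitmap, body = msg[:4], msg[4:20], msg[20:]
    bits = int(bitmap, 16)
    fields, pos = {}, 0
    for n in range(1, 65):
        if not bits & (1 << (64 - n)):
            continue
        if n not in FIELDS:
            raise ValueError(f"DE{n} present but not in the demo field table")
        kind, length = FIELDS[n]
        if kind == "llvar":
            length = int(body[pos:pos + 2])
            pos += 2
        fields[n] = body[pos:pos + length]
        pos += length
    return mti, fields

def compute_mac(key, mti, fields):
    """MAC over the whole message except DE 64 itself (assumed scheme)."""
    covered = {n: v for n, v in fields.items() if n != 64}
    digest = hmac.new(key, encode(mti, covered).encode(), hashlib.sha256).hexdigest()
    return digest[:16].upper()

def sign(key, mti, fields):
    """Issuer side: append DE 64 so the switch can verify the response."""
    signed = dict(fields)
    signed[64] = compute_mac(key, mti, fields)
    return encode(mti, signed)

def verify(key, msg):
    """Switch side: reject any response whose MAC does not match its content."""
    mti, fields = decode(msg)
    return hmac.compare_digest(fields.get(64, ""), compute_mac(key, mti, fields))

def fastcash_style_rewrite(msg):
    """Replicates the manipulation described in the post: an insufficient-funds
    decline becomes an approval for a random amount in Turkish lira.  The
    12,000 to 30,000 lira range is an assumption for the demo."""
    mti, fields = decode(msg)
    if fields.get(39) != "51":
        return msg
    fields[39] = "00"
    fields[49] = "949"
    lira = 12_000 + secrets.randbelow(18_001)
    fields[4] = f"{lira:010d}00"
    return encode(mti, fields)

# Constructed sample: a declined 0210 response for a 500.00 TRY withdrawal.
KEY = b"demo-shared-key"
DECLINE = {2: "4111111111111111", 3: "010000", 4: "000000050000",
           11: "000123", 39: "51", 49: "949"}

def demo():
    """Returns (original verifies, tampered response code, tampered verifies)."""
    original = sign(KEY, "0210", DECLINE)
    tampered = fastcash_style_rewrite(original)
    return verify(KEY, original), decode(tampered)[1][39], verify(KEY, tampered)
```

demo() returns (True, '00', False): the issuer's decline verifies, the rewritten message now reads as an approval, and the stale MAC no longer matches, so a switch that checks DE 64 before forwarding the response would drop it. Without the MAC (the situation the post describes) nothing in the message distinguishes the forged approval from a genuine one. In a real deployment the MAC key lives in an HSM rather than in the switch process, otherwise malware injected into that process could simply re-sign its forgery.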
