The darknet sells malware for $5000 that makes ATMs "spit out" money

Tomcat



Kaspersky Lab specialists have described ATM malware called Cutlet Maker. Initially, the malware was advertised and distributed through the AlphaBay darknet market, which was closed by law enforcement agencies last summer. Now the malware operators have launched their own onion site, ATMjackpot, where they continue to sell their "product", whose specifications have changed slightly in recent months.



The malware advertisement, which can be seen in the illustrations below, states that Cutlet Maker can be used to attack various models of ATMs, and that no interaction with users or their data is required. Physical access to the machine is needed, however, since the attack involves physically "opening" the ATM and connecting to its USB port. To control the dispensing of money, the malware uses an unnamed proprietary library.



The cybercriminals also attached a video demonstration to their messages. Bleeping Computer reporters uploaded these videos to YouTube, so below you can see the actual ATM hacking.


Cutlet Maker is currently available for purchase for $5,000. According to Kaspersky Lab, for this money the cybercriminals sell a set consisting of Cutlet Maker (the main element of the toolkit, the malware itself), the Stimulator application (which collects data on the contents of the cassettes in the attacked ATM), and c0decalc (a simple application that generates special codes for the malware). The researchers believe the tools may have been developed by different people.
Bleeping Computer representatives write that the new version of Cutlet Maker sold on ATMjackpot no longer uses c0decalc. The generation of codes is carried out directly through the cybercriminals' site.



In their report, Kaspersky Lab experts state that Kaspersky Embedded Systems Security protects against Cutlet Maker. However, last week analysts from Embedi presented their own study (PDF), which described a way to bypass KESS.
 