A new type of transaction fraud has been observed at ATMs using a Linux variant. The attack was carried out by North Korean threat actors who used a new Linux variant to manipulate payment switch systems and make unauthorized cash withdrawals. The attack is reported to have been aimed at financial institutions.
HabRox, a cybersecurity researcher, reported to the investigation team that the crime was carried out professionally using a Linux variant of FastCash that mirrors the malware for Windows and AIX, intercepting messages and facilitating transactions. According to the investigation reports, unlike other malware, this variant targets Ubuntu 22.45 LTS distributions.
A similar case involving the same malware came to light in 2018. It was carried out by a team of Korean threat actors named Hidden Cobra, who exploited the FastCash machines and performed unauthorized transactions worth millions of dollars in over 30 countries. This group has been committing cybercrime since 2016 and has defrauded many banks from Asia to Africa.
The investigation has begun, and according to its reports, the crime was carried out by infecting the switching systems with the FastCash malware, which consists of a shared library. The malware then intercepts ISO8583 transaction messages to withdraw large amounts of money through an unauthorized, manipulated process. The investigators told the media that this specific malware targets messages reporting transaction failures due to insufficient funds. It works by replacing the decline with an approval, which lets the withdrawals go through.
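Because the tampering described above happens inside the switch, it can be detected by reconciling the issuer's own decisions against the responses that actually left the switch. The following is an added example, not code from the investigation or from any vendor: the log layout, the column names and the sample records are constructed, and it assumes both logs are captured outside the switch host and keyed by the ISO 8583 trace number (field 11) with the response code in field 39.

```python
"""Reconcile issuer decisions against what the payment switch sent to the ATM."""
import csv
import io

# Constructed sample data. Columns are assumptions: stan = ISO 8583 field 11
# (trace number), rc = field 39 (response code; "00" approved,
# "51" insufficient funds).
ISSUER_LOG = """stan,rc
000101,00
000102,51
000103,51
000104,05
"""
SWITCH_OUT_LOG = """stan,rc
000101,00
000102,00
000103,51
000104,05
000105,00
"""

APPROVED = "00"


def load(text):
    """Map trace number -> response code from a CSV export."""
    return {row["stan"]: row["rc"] for row in csv.DictReader(io.StringIO(text))}


def reconcile(issuer_text, switch_text):
    """Return (stan, finding) pairs where switch output disagrees with the issuer."""
    issuer, switch = load(issuer_text), load(switch_text)
    findings = []
    for stan, sent_rc in sorted(switch.items()):
        issuer_rc = issuer.get(stan)
        if issuer_rc is None:
            # A response left the switch with no issuer decision behind it.
            findings.append((stan, "no issuer response on record"))
        elif issuer_rc != sent_rc and sent_rc == APPROVED:
            # The pattern the article describes: decline turned into approval.
            findings.append((stan, f"decline {issuer_rc} sent as approval"))
        elif issuer_rc != sent_rc:
            findings.append((stan, f"code changed {issuer_rc} -> {sent_rc}"))
    return findings


if __name__ == "__main__":
    for stan, finding in reconcile(ISSUER_LOG, SWITCH_OUT_LOG):
        print(stan, finding)
```

The comparison only has value when neither log is written by the switch process itself, since malware loaded into that process could alter its own records.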
A similar type of ATM hacking malware, named ATMitch, was found by Kaspersky Lab. This malware operates by first compromising the bank's software systems and then working its way to other ATM outlets. Kaspersky has also reported that the malware had a third-party controller that allowed it to be distributed to many ATMs. Further research on the malware found that it might have been designed to hack not just ATMs but the entire bank.
Crime and fraud at ATMs have increased over the years in various parts of the world. Cybercriminals have adopted such malware as the easiest and safest way to hack ATMs and perform cash transactions. One of the major causes is that many ATMs still run on outdated operating systems and software, which makes it easier for attackers to get inside because these systems do not raise any security alerts. This way the hackers can safely carry out any form of unapproved transaction.
Banks have been strictly warned over the years about the various malware capable of compromising entire banking systems. The hackers continue to develop highly efficient malware tools, some with self-deleting properties that completely erase any traces of their activity, which is a signal for banks to update their software and security systems.