Jackpotting malware | Infosec (2024)


Introduction

Jackpotting malware is not well known because it exclusively targets automated teller machines (ATMs). This means it usually doesn’t directly affect a large number of people. However, this type of malware may seriously harm the reputation and the financial stability of the banks owning the hacked ATMs.

For example, between February and November 2017, at least 10 jackpotting attacks were conducted in the German state of North Rhine-Westphalia. As a result of those attacks, hackers stole 1.4 million EUR (about $1.5 million).

Before proceeding with the examination of jackpotting malware, we need to clarify the term “jackpotting malware.” In simple words, it means malware which allows fraudsters to force ATMs to dispense cash without reflecting the withdrawal transactions in any bank accounts.

In this article, we will examine two of the most widely known types of jackpotting malware, Ploutus and Cutlet Maker. We will also look at the operation of jackpotting malware and provide recommendations on how banks can protect against it.

Ploutus and Cutlet Maker

Ploutus was first discovered in Mexico in 2013. The first version of Ploutus had to be installed on an ATM by inserting a CD into the ATM's CD-ROM drive. The 2014 version, called Backdoor.Ploutus.B, was instead delivered through a mobile phone connected to the ATM, a distribution method also known as USB tethering.

In 2016, the creators of Ploutus released a new version called Ploutus-D. Ploutus-D can be installed by gaining physical access to the top portion of the respective ATM. Ploutus-D exists in various modifications that allow it to run on machines of 41 different ATM vendors in 80 countries. A representative of the security firm FireEye called Ploutus-D “one of the most advanced ATM malware families we’ve seen in the last few years.”

Cutlet Maker was originally sold on the internet, but later became freely available. It infects ATMs through a USB memory stick. The stick and an external keyboard need to be attached to an ATM for it to be infected.

The malware is not complex. A specific characteristic of Cutlet Maker is that, after being installed on an ATM, the following message will appear on the display of the hacked machine: “Ho-ho-ho! Let's make some cutlets today!” The message includes a cartoon image of a chef and a piece of meat.

The operation of jackpotting malware

The first step towards the successful operation of jackpotting malware is gaining physical access to the targeted ATM. To do so, fraudsters often dress like ATM technicians in order to avoid attracting attention. In some cases, criminals also use an endoscope, an instrument that allows physicians to look inside the human body, to find computer ports within the targeted ATM.

The second step is the activation of the jackpotting malware. This is usually done either through the keyboard of the hacked ATM or by sending SMS commands to it. The latter method is far more convenient for the criminals because it works almost instantly and lets them carry out their malicious operations without exposing themselves in public.

The third step is collecting the stolen money from the hacked ATM. This is usually done by money mules, individuals who perform high-risk operations on the instructions of criminals. Many money mules are young people who are often unaware of the consequences of their actions. For example, a report of the UK police indicates that 36% of the money mules participating in money laundering were individuals under the age of 21.

Money mules can be divided into three categories: unknowing mules, witting mules and complicit mules. Unknowing mules do not know at all that they are engaged in criminal activities. Witting mules have noticed signs (e.g., warning messages from banks) indicating that they are engaged in criminal activities but have nevertheless decided to proceed. Complicit mules are fully aware of their participation in criminal schemes.

Protection against jackpotting malware

Banks that want to protect their ATMs against jackpotting malware need to take at least the following measures:

  1. Installing and maintaining up-to-date anti-malware software
  2. Locking down ATM systems in order to prevent the uploading of unauthorized programs
  3. Disabling auto-run and boot features
  4. Making sure that the ATMs do not still use default passwords. Default passwords can be found in instruction manuals that are usually publicly available
  5. Enhancing the physical security of ATM machines by, for example, installing security cameras next to ATM machines and hiring security officers to monitor those cameras
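Most of the measures above (anti-malware, application lockdown, disabled auto-run and USB storage, no password-less or default accounts) can be verified on the ATM's Windows build before it is deployed. The following read-only audit script is an added example, not code from the Infosec article or from any ATM vendor. It assumes a Windows ATM image with PowerShell 5.1, that it is run with administrator rights, and that Windows Defender (service name WinDefend) is the anti-malware baseline; a vendor product would need its own service name substituted. The registry values and cmdlets it uses are standard Windows ones; only the overall script and its control names are constructed here.

```powershell
# Added example: read-only hardening audit for a Windows-based ATM image.
# Not part of the Infosec article. Assumes PowerShell 5.1, administrator rights,
# and Windows Defender as the anti-malware baseline (an assumption; swap in the
# vendor AV service name if a different product is used). Every check maps to
# one of the recommendations in the article and returns a finding object
# instead of changing any setting.

function Test-AtmHardening {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Control, [bool]$Pass, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Control = $Control; Pass = $Pass; Detail = $Detail })
    }

    # Measure 1: anti-malware installed and running.
    $av = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    Add-Finding 'Anti-malware service running' ($null -ne $av -and $av.Status -eq 'Running') `
        ('WinDefend status: ' + $(if ($av) { $av.Status } else { 'not installed' }))

    # Measure 2: lockdown against unauthorized programs. AppLocker needs the
    # Application Identity service (AppIDSvc) and an effective policy whose
    # EXE rule collection is set to Enforce ("Enabled" in the policy XML).
    $appId = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue
    $enforced = $false
    try {
        [xml]$policy = Get-AppLockerPolicy -Effective -Xml
        $exe = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Exe' }
        $enforced = ($null -ne $exe -and $exe.EnforcementMode -eq 'Enabled')
    } catch { $enforced = $false }
    Add-Finding 'AppLocker EXE rules enforced' ($enforced -and $appId.Status -eq 'Running') `
        'Checked via Get-AppLockerPolicy -Effective and the AppIDSvc service'

    # Measure 3: auto-run disabled for every drive type (NoDriveTypeAutoRun = 0xFF)
    # and the USB mass-storage driver disabled (USBSTOR Start = 4), so an
    # attached memory stick can neither auto-execute nor even mount.
    $explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $noAutoRun = (Get-ItemProperty -Path $explorer -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    Add-Finding 'AutoRun disabled on all drive types' ($noAutoRun -eq 0xFF) "NoDriveTypeAutoRun = $noAutoRun"

    $usbStart = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start -ErrorAction SilentlyContinue).Start
    Add-Finding 'USB mass-storage driver disabled' ($usbStart -eq 4) "USBSTOR Start = $usbStart"

    # Measure 4: local accounts. No enabled account may be exempt from requiring
    # a password, and the built-in Guest account must be disabled. A vendor
    # default password cannot be recognised from here; this catches only the
    # obvious cases, the rest is a manual check against the vendor manual.
    $weak = @(Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired })
    Add-Finding 'No enabled account without a password' ($weak.Count -eq 0) ('Accounts: ' + ($weak.Name -join ', '))
    $guest = Get-LocalUser -Name Guest -ErrorAction SilentlyContinue
    Add-Finding 'Guest account disabled' ($null -eq $guest -or -not $guest.Enabled) "Guest enabled: $($guest.Enabled)"

    return $findings
}

# Usage: run elevated on the ATM image; a non-zero exit fails the image build.
$results = Test-AtmHardening
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```

Measure 5 (cameras and guards) has no software counterpart, which is the point the article makes: the first step of a jackpotting attack is physical, so the script above only raises the cost of steps that follow physical access. Running it as part of the image build, and again periodically on deployed machines, turns the article's checklist into something that can fail a deployment rather than a reminder that may be skipped.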

Conclusion

The number of cyberattacks relying on jackpotting malware has increased in recent years. In this article, we examined only two types of jackpotting malware, namely, Ploutus and Cutlet Maker. However, many other types currently exist (e.g., WinPot, Tyupkin virus and Prilex). All these malware applications have the potential to quickly empty a large number of ATMs.

As shown above, the operation of jackpotting malware is rather simple. It consists of three steps: installing the malware, activating the malware and collecting the criminal proceeds. The most effective method to avoid infections with jackpotting malware is to prevent criminals from completing the first step. This can be done by taking both application and physical security measures.

Sources

  1. ATM Jackpotting: How to Protect Your Machines, PaymentsJournal
  2. ATM Hacking Has Gotten So Easy, the Malware's a Game, Wired
  3. EU: ATM jackpotting attacks earn crooks less than €1,000 in the first half of 2019, ZDNet
  4. Malware That Spits Cash Out of ATMs Has Spread Across the World, Vice
  5. I was a teenage 'money mule', BBC Money News
  6. First ‘Jackpotting’ Attacks Hit U.S. ATMs, Krebs on Security
  7. Ploutus, NJCCIC
  8. Cutlet Maker, NJCCIC
  9. New Variant of Ploutus ATM Malware Observed in the Wild in Latin America, FireEye
  10. New malware hacks ATMs to spit out free cash, TechRadar
  11. Lewis, T., ‘Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation’, John Wiley & Sons, 2019