Researchers patrolling an underground dark web forum have discovered a listing for malware that allows attackers to steal as much as 6,750 dollars, euros or pounds worth of cryptocurrency from Bitcoin ATMs.
The listing, dated June 25, 2018, with a lofty selling price of $25,000, states that the malware works "by exploiting a service vulnerability," without any physical access to the ATM required, according to a blog post published today by Trend Micro.
Bitcoin ATMs are terminals that let users connect to exchanges in order to transfer the popular cryptocurrency into their digital wallets using their mobile numbers and ID cards for identity verification. "With the increasing popularity and real-world use of cryptocurrencies and the fact that cybercriminals will always try to exploit something that can make money for them... it shouldn't come as a surprise then that malware targeting Bitcoin ATMs will pop up in underground markets," says the blog post, authored by senior threat researcher Fernando Merces.
Buyers who purchase the Bitcoin ATM malware reportedly also receive a ready-to-use card with built-in EMV and NFC capabilities, in addition to a multilingual guide and 24/7 Jabber-based customer support. Trend Micro notes that the listing already has 100 reviews -- which suggests the seller has already generated quite a bit of business.
In other posts, the seller also offers regular ATM malware, designed with EMV standards in mind, as well as the GozNym 2.0 banking trojan and various compromised financial accounts.
In a thread dated July 25, the seller describes the conventional ATM malware to a prospective buyer, explaining that once the malware is loaded, the ATM switches to engineer maintenance mode, disconnecting the machine from all networks and disabling the alarm, allowing a thief to withdraw funds from the machine.