Threat Management, Threat Management, Malware

Dark web listing for Bitcoin ATM malware promises plentiful payouts

Researchers patrolling an underground dark web forum have discovered a listing for malware that allows attackers to steal as much as 6,750 dollars, euros or pounds worth of cryptocurrency from Bitcoin ATMs.

The listing, dated June 25, 2018 with a lofty selling price of $25,000, states that the malware works "by exploiting a service vulnerability," without any physical access to the ATM machine required, according to a blog post published today by Trend Micro.

Bitcoin ATMs are terminals that let users connect to exchanges in order to transfer the popular cryptocurrency into their digital wallets using their mobile numbers and ID cards for identity verification. "With the increasing popularity and real-world use of cryptocurrencies and the fact that cybercriminals will always try to exploit something that can make money for them... it shouldn't come as a surprise then that malware targeting Bitcoin ATMs will pop up in underground markets," says the blog post, authored by senior threat researchers Fernando Merces.

Buyers who purchase the Bitcoin ATM malware reportedly also receive a ready-to-use card with built-in EMV and NFC capabilities, in additional to a multilingual guide and 24/7 Jabber-based customer support. Trend Micro notes that the listing already has 100 reviews -- which suggests the seller has already generated quite a bit of business.

In other posts, the seller also offers regular ATM malware, designed with EMV standards in mind, as well as the GozNym 2.0 banking trojan and various compromised financial accounts.

In a thread dated July 25, the seller describes the conventional ATM malware to a prospective buyer, explaining that once the malware is loaded, the ATM switches to engineer maintenance mode, disconnecting the machine from all networks and disabling the arm, allowing a thief to withdraw funds from the machine.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds