A criminal gang is using a piece of malware to allow them to steal millions in cash from ATMs around the world without having to use a credit or debit card.
The hackers are using a piece of malware called Tyupkin, which once installed on an ATM, allows the criminals to steal huge amounts of money by simply entering a series of codes.
The malware has so far been detected infecting ATMs in Europe, Latin America, and Asia.
The attack was detected by Russian security firm Kaspersky Lab, which was asked by an unnamed financial institution to investigate the cyber-attack.
There are no details relating to the criminal gang behind the attacks, but Kaspersky Lab says the gang has stolen “millions of dollars” using the Tyupkin malware.
“Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software,” said Vicente Diaz, principal security researcher at Kaspersky Lab.
“Now we are seeing the natural evolution of this threat with cybercriminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs themselves or launching directAdvanced Persistent Threat (APT)-style attacks against banks. The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure.”
Kasperksy alerted Interpol to the attacks and it has informed the affected countries.
“Offenders are constantly identifying new ways to evolve their methodologies to commit crimes, and it is essential that we keep law enforcement in our member countries involved and informed about current trends and modus operandi,” said Sanjay Virmani, director of the Interpol Digital Crime Centre.
Here’s how the Tyupkin attack works: