Bitcoin ATM malware is being offered for $25,000 on the Dark Web


There are many types of malware in existence, and they employ different methods to enrich their developers. Some are created to monetize web traffic from advertisements. Others encrypt files and demand payment for undoing the changes. There are also those that make it possible to steal money from bank accounts. And you can’t forget about cryptocurrency, which is mined at the expense of other computers’ resources. Speaking of cryptocurrency, security researchers have discovered a threat that makes it possible to steal from Bitcoin ATMs.

It was found on a Dark Web forum, where it’s being offered for $25,000. It lets potential attackers raid said ATMs for as much as 6,750 dollars, euros or pounds worth of cryptocurrency. The listing says that the virus works “by exploiting a service vulnerability” and doesn’t require physical access to the ATM itself. The listing is dated June 25, 2018, and the information on it was originally published in a blog post by Trend Micro. Cryptocurrency’s popularity grows every day, and it’s used more and more often in the real world. Cybercriminals are always on the lookout for new methods to earn money and want to make as much as possible in the shortest amount of time possible, so their targeting of Bitcoin ATMs isn’t really surprising, considering the context.

The $25,000 price doesn’t only provide the buyer with the malware itself: it also gives access to a ready-to-use card with built-in EMV and NFC capabilities, a multilingual guide and 24/7 Jabber-based customer support. The threat is clearly in demand, as it already has 100 reviews. Its seller also offers regular ATM viruses that are created with EMV standards in mind, the GozNym 2.0 banking Trojan, and compromised financial accounts. In a thread dated July 25, the conventional ATM malware is described as something that, once executed, switches the ATM to engineer maintenance mode, disconnects it from all networks and disables the arm, which then lets the thief successfully withdraw funds from the machine.

There are approximately 300 million ATMs in use, so the consequences of this can prove to be disastrous. As a matter of fact, the issues have already become so widespread that IBM has seen a 300% increase in ATM security testing requests in the past year. The financial impact has also been strong, so it’s exceptionally important to keep the systems that ATMs employ up to date and protected.

As far as cryptocurrency ATMs go, there are approximately 3,500 of them in use, according to Bitcoinist. The number more than quadrupled over 2017, and two manufacturers are represented the most on the market: Genesis Coin and General Bytes. Even though such ATMs don’t connect to bank accounts (digital wallets and cryptocurrency exchanges take their place here), con artists can still carry out successful attacks, as the threat described here isn’t the only one that lets them do that. It should be noted that in order for users to withdraw or transfer cryptocurrency, a Bitcoin ATM employs mobile numbers and ID cards so that the user can be identified. The transfer can only be made after the user has entered a wallet address or scanned a QR code. And even those safety measures aren’t always enough.

Wallet vendors and cryptocurrency exchanges all want to be the main players on the market, and there’s a huge number of them in existence. Unfortunately, industry standardization is lacking, and cybercriminals readily use that to their advantage. However, there’s some hope that there won’t be that many sales in this particular case, due to the high price of the virus.

