
A new ATM malware strain dubbed FiXS has been seen targeting Mexican banks since the beginning of February 2023.
“ATM malware is hidden inside another seemingly harmless program,” said Latin American cybersecurity firm Metabase Q in a report shared with The Hacker News.
Besides requiring interaction via an external keyboard, the Windows-based ATM malware is vendor-agnostic and can infect any teller machine that supports CEN/XFS (short for eXtensions for Financial Services).
The exact method of intrusion remains unknown, but Metabase Q’s Dan Regalado told The Hacker News that it’s likely that “the attacker found a way to interact with the ATM via the touchscreen.”
FiXS is said to be similar to another ATM malware codenamed Ploutus, which allowed cybercriminals to withdraw cash from ATMs using an external keyboard or by sending SMS messages.
One of the notable features of FiXS is its ability to use the Windows GetTickCount API to withdraw money 30 minutes after the ATM was last restarted.
Samples analyzed by Metabase Q are coded in Delphi and delivered via a dropper known as Neshta (conhost.exe), a file infector first seen in 2003.
“FiXS is implemented using the CEN XFS API and, like other malware such as RIPPER, can run on almost any Windows-based ATM with little or no coordination,” said the cybersecurity firm. “The way FiXS interacts with criminals is through an external keyboard.”

With this development, FiXS is the latest in a long list of malware such as Ploutus, Prilex, SUCEFUL, GreenDispenser, RIPPER, Alice, ATMitch, Skimer, and ATMii that have targeted ATMs to siphon money.
Prilex has since evolved into a modular point-of-sale (PoS) malware that carries out credit card fraud through a variety of methods, including blocking contactless payment transactions.
In a detailed report on ATM malware published in September 2017, Trend Micro stated, “Cybercriminals who compromise networks have the same end goal as those who carry out attacks through physical access. It’s about distributing cash.”
“But instead of manually installing malware on the ATM via USB or CD, criminals don’t have to go to the machine anymore. They have a standby money mule to pick up and move the cash.”