Symantec has detailed a way in which hackers can use text messages to fraudulently take money from any cash machine running a version of Windows XP.
The operating system and its variants run on around 95 per cent of the world's cash machines and support for the OS runs out on April 8 this year.
Regardless of the deadline, it has been discovered that hackers are already using a flaw in the OS to steal money from cash machines.
First found in Mexico, malware by the name of Ploutus allows criminals to text a message to an infected cash machine and retrieve money dispensed from it.
Daniel Regalado, a Symantec malware analyst, in a blog post said that the risk is not a hypothetical one but one that is already being exploited.
"With the looming end-of-life for Windows XP slated for April 8, 2014, the banking industry is facing a serious risk of cyberattacks aimed at their ATM fleet," he said.
"It may seem incredible but this technique is being used in a number of places across the world at this time."
In order to carry out this theft, criminals would have to first install a mobile phone within the cash machine and use USB tethering to connect it to the ATM and keep it powered up. The phone then acts as a packet sniffer and if it is sent a text message in a specified format, it convert that into a network packet is forwarded to the ATM via the USB cable.
The initial message contains an activation ID to start the malware on the cash machine. A second message then give a valid command to the ATM to dispense money.
The IT security firm said that it has now detected variants of the malware localised in the English language, which suggests criminals are now seeking to expand their operations to other countries.
Other "improvements" to the code mean that withdrawals are now automated and money mules sent to get the cash no longer need to be given access codes for the malware meaning the master criminal has complete control over these withdrawals.
"Using SMS messages to remotely control the ATM is a much more convenient method for all of the parties in this scheme, because it is discrete and works almost instantly. The master criminal knows exactly how much the money mule will be getting and the money mule does not need to linger for extended periods around an ATM waiting for it to issue the cash," said Regalado.
As reported by IT Pro, banks are facing the prospect of paying out millions to Microsoft in order to keep cash machines running XP or XP embedded running after the April deadline.
-
A journey to cyber resiliencewhitepaper DORA: Ushering in a new era of cyber security
-
A new framework for third-party risk in the European Unionwhitepaper Report: DORA and cyber risk
-
Kali Linux releases first-ever defensive distro with score of new toolsNews Kali Purple marks the next step for the red-teaming platform on the project's tenth anniversary
-
Microsoft releases scripts to restore shortcuts deleted in faulty Windows Defender updateNews However, some users have resorted to creating their own fixes as they’ve encountered Microsoft’s to be problematic
-
Windows Defender update deletes Start Menu, Taskbar, Desktop shortcutsNews For now, it appears that administrators will have to manually recreate their shortcuts once the issue has been fixed
-
IBM LinuxONE for dummiesWhitepaper Secure your data, build an open hybrid cloud environment, and realise the cost benefits of consolidation
-
Windows 10 users encounter ‘blue screen of death’ after latest Patch Tuesday updateNews Microsoft said it is working on a fix for the issue and has offered users a temporary workaround
-
Apple issues fix for ‘actively exploited’ WebKit zero-day vulnerabilityNews The update marks the 10th fix for zero-day vulnerabilities this year
