Criminals steal from Windows XP cash machines using text messages
Hackers use SMS to withdraw money from ATMs running Windows XP.
Symantec has detailed a way in which hackers can use text messages to fraudulently take money from any cash machine running a version of Windows XP.
The operating system and its variants run on around 95 per cent of the world's cash machines and support for the OS runs out on April 8 this year.
Regardless of the deadline, it has been discovered that hackers are already using a flaw in the OS to steal money from cash machines.
First found in Mexico, malware by the name of Ploutus allows criminals to text a message to an infected cash machine and retrieve money dispensed from it.
Daniel Regalado, a Symantec malware analyst, in a blog post said that the risk is not a hypothetical one but one that is already being exploited.
"With the looming end-of-life for Windows XP slated for April 8, 2014, the banking industry is facing a serious risk of cyberattacks aimed at their ATM fleet," he said.
"It may seem incredible but this technique is being used in a number of places across the world at this time."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
In order to carry out this theft, criminals would have to first install a mobile phone within the cash machine and use USB tethering to connect it to the ATM and keep it powered up. The phone then acts as a packet sniffer and if it is sent a text message in a specified format, it convert that into a network packet is forwarded to the ATM via the USB cable.
The initial message contains an activation ID to start the malware on the cash machine. A second message then give a valid command to the ATM to dispense money.
The IT security firm said that it has now detected variants of the malware localised in the English language, which suggests criminals are now seeking to expand their operations to other countries.
Other "improvements" to the code mean that withdrawals are now automated and money mules sent to get the cash no longer need to be given access codes for the malware meaning the master criminal has complete control over these withdrawals.
"Using SMS messages to remotely control the ATM is a much more convenient method for all of the parties in this scheme, because it is discrete and works almost instantly. The master criminal knows exactly how much the money mule will be getting and the money mule does not need to linger for extended periods around an ATM waiting for it to issue the cash," said Regalado.
As reported by IT Pro, banks are facing the prospect of paying out millions to Microsoft in order to keep cash machines running XP or XP embedded running after the April deadline.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.