Categories: Security newsTechnology

ATMii malware targets ATMs running Windows 7 and Vista



ATMii malware can make ATMs running on Windows 7 and Vista drain out available cash

Kaspersky Lab researchers have discovered a new ATM (automated teller machines) malware called ATMii that allows hackers to dispense all the available cash stored in the ATMs. This malware targets only those ATM machines that run Microsoft Windows 7 and Windows Vista.

The malicious threat was first detected by Kaspersky six months ago when one of the affected banks shared the malware with Kaspersky security researchers. According to security experts at Kaspersky Lab, the malware includes two files, the exe.exe file (injector module: 3fddbf20b41e335b6b1615536b8e1292), and the dll.dll file (module to be injected: dc42ed8e1de55185c9240f33863a6aa4).

In order to install the ATMii on ATMs, the attacker needs direct access to the target ATM (either over the network or physically). The malware allows hackers to scan machines to determine the amount of cash stored at any given time and manipulate the infected ATMs to drain specific amounts of money. If it is successful, allows criminals to dispense all the cash from the ATM. The malware also contains a “die” command that ensures that it deletes a configuration file.

Kaspersky senior developer Konstantin Zykov said in a detailed blog post “The injector, which targets the atmapp.exe (proprietary ATM software) process, is fairly poorly written, since it depends on several parameters. If none are given, the application catches an exception,”.



However, the small codes can be used to make big losses in ATMs and the entire cash in the ATM can be withdrawn at one time. In order to avoid such attacks, security measures like default-deny policy and device control as well as technical measures to protect the ATM against physical access will be required.

“ATMii is yet another example of how criminals can use a small piece of code to dispense money to themselves. Some appropriate countermeasures against such attacks are default-deny policies and device control. The first measure prevents criminals from running their own code on the ATM’s internal PC, while the second measure will prevent them from connecting new devices, such as USB sticks,” Zykov added.

Travis Smith, principal security researcher at Tripwire, commented in an email to SC Media UK: “The ATMii malware is very targeted, not only because it only supports Windows 7, but also because it is targeted to a specific ATM executable (atmapp.exe). According to Kaspersky’s initial report, this is a proprietary application, so it’s unlikely this specific malware variant will have a large impact on the ATM market world wide. Even with minimal impact, it’s quite easy to prevent the malware’s infection path by implementing foundational controls. Limiting network access and disabling USB ports will reduce the attack surface enough that this simple type of malware won’t make it onto an ATM.”

Kavita Iyer

An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human

Recent Posts

  • Gaming
  • Security news

PS4 is reportedly crashing due to malicious message bug

Malicious gamers are sending messages that are bricking PS4 console; here’s what you can do to make sure that your…

4 hours ago
  • Alternatives
  • List
  • Torrent

Yify Torrents Alternatives- Best Yts like site to download movies

Yify torrents also known as yts is one of the best torrenting sites. Also, the yify group is a renowned name…

4 hours ago
  • News
  • Science

Stephen Hawking’s final fear : A Terrifying Master Race Of Superhumans

Professor Stephen Hawking was one of many scientists that pushed the human race forward by sharing his knowledge and understanding of…

21 hours ago
  • Facebook
  • Security news

Hackers accessed 29 million user accounts, says Facebook

Facebook confirms 29 million users’ data accessed by hackers: How to check if your account has been hacked Last month,…

1 day ago
  • Microsoft
  • News

Microsoft open-sources 60,000 patents to protect Linux

Microsoft makes 60,000 patents open-source to help the Linux Community Microsoft has joined the Open Invention Network ("OIN"), an open-source…

2 days ago
  • Gadgets
  • Technology

World’s fastest camera captures images at 10 trillion frames per second

'World's fastest camera' that freezes images at 10 trillion frames a second is unveiled Researchers from Quebec University’s Institute national…

2 days ago