ATM Jackpotting Malware Has Already Spread Globally

  • ATM Jackpotting is on the rise and has already infected multiple ATMs across the world.
  • Researchers have found many malware iterations, and reporters have recorded numerous attacks.
  • Most of the incidents aren’t seeing the light, as banks don’t want the negative publicity.

According to a piece by Motherboard, ATM Jackpotting malware has now spread all over the world, threatening to begin ejecting banknotes out of hundreds of thousands of machines. The discovery was the result of a joint investigation between the Motherboard and the German broadcaster Bayerischer Rundfunk (BR), while the situation is now in the hands of the authorities. According to the report, there have been at least 82 jackpotting attacks in Germany over the last couple of years, while similar incidents have been reported in the United States, Southeast Asia, and Latin America.

ATM jackpotting malware needs to be injected into the ATM memory, so the machine has to be opened, and the attackers need to connect their media to the ATM through the USB port. After the infection, the attacker may order the malware to initiate a “jackpot”, which results in the spewing of banknotes until all cash is out or the target cash-dispensing module is emptied. As we saw recently, these type of attacks is on the rise, although it remains a very niche field. That is especially the case since “Cutlet Maker” entered the market of custom malware creation in 2016.

Motherboard reports that most of the ATM jackpotting malware that is to be found around the globe right now has been created with the Cutlet Maker “do-it-yourself” kit. As for whether the infections are taking place right on the ATM location or as part of a production chain compromise, some correlation has been made with the Santander bank, the Wincor 2000xe ATM, and the Diebold Nixdorf manufacturer. For those of you who have been following the news here, we had presented a warning from Diebold Nixdorf back in June, involving a vulnerability that plagued older ATM models (Opteva-based ATMs).

Of course, Santander hasn’t made a clarifying statement other than one to assure of their impeccable checking and securing processes. No one can accuse them of being irresponsible, and at the end of the day, jackpotting attacks are after their money, not their customer data. However, they have suffered at least 36 attacks since last year, so there’s definitely something going on with their systems.

Right now, the Cutlet Maker malware creator is sold in the dark web for $1000, but it is not the only kit that does the job. As we reported in February, there’s another malware called “WinPot”, and which can be loaded onto ATMs via USB ports again. It is sold between $500 and $1000, and modifications of it have already been spotted in the wild. All that said, right now, numerous jackpotting attacks are going on around the world, but most of them aren’t getting publicized.

Have something to comment on the above? Feel free to do just that in the section down below, or on our socials, on Facebook and Twitter.

Sanderson Farms Championship 2023 Live Stream: How to Watch Golf Online from Anywhere
The FedExCup Fall continues this week in the PGA Tour, and the next event on the calendar is the Sanderson Farms Championship....
Alfred Dunhill Links Championship 2023 Live Stream: How to Watch Golf Online from Anywhere
One of golf’s most storied events is all set to take center stage this week as part of the European Tour. The...
How to Watch ICC Cricket World Cup 2023 Online Free: Live Stream Cricket from Anywhere
The greatest cricket extravaganza is upon us, and ten teams will compete to be crowned the best in the world. The ICC...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari