- Kaspersky Labs has discovered a new malware affecting ATM machines.
- The WinPot malware is available on dark web forums for sale, and similar malware variants may also become common.
- The malware turns the infected ATM machines into slot games that dispense cash.
Researchers from Kaspersky Labs have discovered a malware that hijacks ATMs and turns them into slot machines. You can even dispense cash from the infected machines as long as you win! The WinPot malware was first spotted in forums in March last year.
The hackers behind the WinPot malware developed the UI to look like a slot machine. A visual interface is present with a spin button. Pressing the “Spin” button will cause cash to be dispensed while the “Stop” button stops cash flow. A “Scan” button is also present to scan for additional cassettes of cash and restarts the game.
WinPot is similar in nature to Cutlet Maker, which is another popular malware that was loaded into ATMs via USB ports. Cutlet Maker was priced at $5,000 in 2017 but is currently priced at $500-$1000. WinPot commands a similar price tag as Cutlet Maker and is easily available in dark web forums. ATM machines have become prime targets for cybercriminals with not enough security measures being in place to protect them in many cases.
According to Kaspersky “We expect to see more modifications of the existing ATM malware. The preferred way of protecting the ATM from this sort of threat is to have device control and process whitelisting software running on it. The former will block the USB path of implanting the malware directly into the ATM PC, while the latter will prevent execution of unauthorized software on it.”
ATM malware is fairly simple to develop. Most countries do not have up to date security practices that protect from outside attacks. It is up to banks and financial institutions to implement proper security measures to keep users safe from such malware attacks.