Hackers hit ATMs with SMS malware

Hacker
Remote hack using a mobile phone.

Security experts have discovered a team of cyber-criminals responsible for hacking into stand-alone ATMs using adapted SMS messages.

Symantec said the hackers were using software called Ploutus which is hard to install because you need to get access to parts of the machine.

Early versions of Ploutus allowed it to be controlled via the numerical interface on an ATM or by an attached keyboard. However, the latest version is controlled remotely via text message.

Tricky hack

It is still not an easy hack to pull off. The attackers open up an ATM and attach a mobile phone, which acts as a controller, to a USB port inside the machine. The ATM still has to be infected with Ploutus.

In a blog post, Daniel Regalado, a Symantec malware analyst, wrote that the phone detects a new message under the required format, converts the message into a network packet and then forwards it to the ATM through the USB cable.

Ploutus has a network packet monitor that watches all traffic coming into the ATM and when it detects a valid TCP or UDP packet from the phone it generates a command line to control Ploutus. This saves a lot of time that a thief spends in front of the machine, decreasing the risk of detection.

The ATM is remotely triggered to dispense cash, allowing someone hired to do the risky job of stopping by to pick up the cash a quick exit. The "money mule" also does not have any information that allows them to skim some cash off for themselves.

Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over