New virus alert regarding ATMs. Experts at Kaspersky have noticed a spike in infections of ATMs, which then start to "spit out" money on command.
Why go to all the trouble of programming a virus that steals users' online bank account login credentials, and then setting up a phishing campaign to deliver it, if you can directly write a virus that forces an ATM to spit out cash until it is empty?
And, in fact, this virus has already been created and is starting to spread everywhere. The scam is called "jackpotting"; the virus in question is called "Cutlet Maker", meaning cutlet cook, and all it takes to empty an ATM is a USB flash drive. The first experiments with such a virus date back as far as 2010, but it wasn't until 2017 that Cutlet Maker was discovered to be for sale on the Dark Web. Now, according to an investigation by Motherboard and Bayerischer Rundfunk (Bavaria's public TV), reports of hacked ATMs are spiking.
The Cutlet Maker malware does not lack irony. The name itself is a tease: "cutlet" is English for schnitzel, but the word sounds a lot like the Russian term for wads of cash. This is also a clue as to the possible origin of the virus. Once it is launched from a very common USB stick, Cutlet Maker forces the ATM terminal to show a cartoon on the screen with a cook saying "Ho-Ho-Ho, let's make some cutlets today!". Next to the cook you see a laughing cutlet. At that point the ATM begins to give out money, stopping only when it is empty. Tens of thousands of euros can be taken from the bank in a matter of minutes.
Note that the money is taken from the ATM itself and that no bank account is emptied. In 2017, Kaspersky Lab issued an early warning regarding the possibility of hacking many terminals and showed in a video how to do it. Just as with Cutlet Maker today, in Kaspersky's video the virus enters the ATM via a USB stick connected directly to the computer that runs the ATM software. This means that someone has to physically open the ATM, connect the stick, and activate the virus by entering commands via the ATM's internal keyboard. There are currently no reports of Cutlet Maker infection via the Net.