CutLet Maker, the malware that empties ATMs

Research conducted by Kaspersky Lab has shown the rise of malware designed for ATMs. Here's what it's all about.

ATMs continue to be one of the top targets of cyber criminals. Not surprisingly, Kaspersky Lab researchers have discovered new malware targeting ATMs. Malware is, in fact, among the tools most used nowadays to steal money from ATMs.

In the past, criminals used more "physical" methods, tampering with ATMs to clone credit cards or steal bank account information. Recently, they have started using malware, which lets them manipulate ATMs from the inside. These malware packages are also sold for a few tens of euros on the dark web. Although malicious tools for hacking ATMs have been known for several years, Kaspersky Lab's latest discovery shows that malware creators are investing more and more resources to make their "products" accessible even to criminals without computer skills.

The Research

Earlier this year, a Kaspersky Lab partner provided one of the company's researchers with a previously unknown piece of malware, known as CutLet Maker, allegedly created to infect the PCs operating inside ATMs. The researchers then decided to find out whether it was possible to purchase this malware, or something related to it, on dark web forums. The investigation revealed that cyber criminals were selling it cheaply on the popular AlphaBay portal. The "purchase package" includes not only the malware but also a detailed step-by-step guide on how to use the kit to launch attacks, with instructions and video tutorials.

How the scam works

To initiate the theft, the criminals need to gain direct access to the ATM and then load the malware through a USB port. Once they have full access to the terminal, they enter the ATM interface to start the money withdrawal process.

How to defend yourself

To protect ATMs from attacks that use malicious tools such as CutLet Maker, it is advisable to implement tools that prevent any unauthorized software from running on the ATM. It is also safer to enable device control mechanisms that prevent any unauthorized device from being connected. Finally, it is useful to use a custom security solution to protect ATMs from cyber attacks.
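
The two controls above (only approved software runs, only approved devices connect) can also be checked together as a default-deny audit over endpoint events. The following is an added example, not code from Kaspersky Lab or the original article; the event format, the allowlist values and the 600-second correlation window are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed allowlists (assumptions, not real ATM values).
APPROVED_HASHES = {sha256_hex(b"constructed: approved ATM application")}
APPROVED_USB_IDS = {"aaaa:0001"}  # constructed vendor:product ID

@dataclass
class Event:
    ts: int     # seconds since the start of the sample
    kind: str   # "usb_attach" or "proc_start"
    value: str  # USB vendor:product ID, or SHA-256 of the started binary

def audit(events, window=600):
    """Default-deny audit: flag anything not on an allowlist, and escalate
    an unapproved binary that starts within `window` seconds of an
    unauthorized USB device, the order of steps the article describes."""
    findings = []
    last_bad_usb = None
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "usb_attach":
            if ev.value not in APPROVED_USB_IDS:
                last_bad_usb = ev.ts
                findings.append((ev.ts, "high", "unauthorized USB device"))
        elif ev.kind == "proc_start":
            if ev.value not in APPROVED_HASHES:
                linked = last_bad_usb is not None and ev.ts - last_bad_usb <= window
                severity = "critical" if linked else "high"
                reason = "unapproved binary" + (" after unauthorized USB" if linked else "")
                findings.append((ev.ts, severity, reason))
        else:
            # Unknown event kinds are reported, not silently ignored.
            findings.append((ev.ts, "info", "unknown event kind: " + ev.kind))
    return findings

# Constructed sample events.
SAMPLE = [
    Event(10, "proc_start", sha256_hex(b"constructed: approved ATM application")),
    Event(100, "usb_attach", "aaaa:0001"),
    Event(5000, "usb_attach", "bbbb:0002"),
    Event(5090, "proc_start", sha256_hex(b"constructed: unknown tool")),
    Event(9000, "proc_start", sha256_hex(b"constructed: other unknown tool")),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The audit only reports; on a real terminal the same allowlists would be enforced by the application control and device control tools the article recommends, so the unapproved binary never starts.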