ATM MALWARE
Figure 2: FTP Download
Next, the attacker can activate the malicious software on the ATM machine, which is illustrated in Figure 3 below.
Figure 3: Backdoor.ATM.Suceful Panel
In this case, RSA Security Analytics can easily identify and alert on the use of the RDP and FTP communications protocols. This is illustrated in the Detection Section of this paper.
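As an added illustration (not taken from this paper and not RSA Security Analytics content), the Python example below flags RDP and FTP flows that involve an ATM and correlates an inbound RDP session with a later FTP connection opened by the same ATM. The ATM subnet, record layout, 30-minute window and sample flows are constructed assumptions.

```python
import csv, io
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions (not from the paper): ATM subnet, record layout, 30-minute window.
ATM_NET = ip_network("10.20.0.0/24")
WATCHED = {21: "FTP", 3389: "RDP"}   # TCP control ports for the two protocols
WINDOW = timedelta(minutes=30)

# Constructed sample flow records: time, source, destination, destination port.
SAMPLE = """\
2015-03-02T01:10:00,10.9.9.5,10.20.0.17,3389
2015-03-02T01:14:30,10.20.0.17,203.0.113.40,21
2015-03-02T01:20:00,10.20.0.17,10.1.1.10,443
2015-03-02T02:00:00,10.20.0.31,203.0.113.40,21
2015-03-02T09:00:00,10.9.9.5,10.30.0.4,3389
"""

def parse(text):
    for ts, src, dst, port in csv.reader(io.StringIO(text)):
        yield datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(port)

def detect(text):
    """Return (alerts, correlated): per-flow hits and ATMs with RDP then FTP."""
    alerts, last_rdp, correlated = [], {}, []
    for ts, src, dst, port in sorted(parse(text)):
        proto = WATCHED.get(port)
        atm = dst if dst in ATM_NET else src if src in ATM_NET else None
        if proto is None or atm is None:
            continue                     # not a watched protocol or no ATM involved
        alerts.append((ts.isoformat(), str(atm), proto))
        if proto == "RDP" and dst == atm:
            last_rdp[atm] = ts           # inbound remote desktop session to the ATM
        elif proto == "FTP" and src == atm:
            seen = last_rdp.get(atm)     # outbound FTP started by the ATM itself
            if seen and ts - seen <= WINDOW:
                correlated.append(str(atm))
    return alerts, correlated

if __name__ == "__main__":
    hits, chained = detect(SAMPLE)
    for hit in hits:
        print("ALERT", *hit)
    print("RDP followed by FTP:", chained)
```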
CASH THEFT METHODS
TROJANSPY:ATM/PLOUTUS
The Ploutus variant, discussed above, uses an interesting approach to dispense cash. Initially, the attackers install the malware on the machine, which is connected to a mobile phone via a USB cable. Once connected, the attacker sends two SMS messages to the mobile phone; one for the activation of the malware, and the second containing a command to dispense money from the machine. The messages received on the phone are forwarded to the ATM as a TCP or UDP packet, and executed by the Ploutus malware. This will ultimately result in the ATM dispensing a preconfigured amount of money that will be collected physically by the mule.