Self-Deleting “ATMitch” Malware Makes ATMs Spit Out All the Cash


One of the most sophisticated pieces of ATM malware has been reported hacking ATMs to make them spit out all their cash. According to malware researchers, a group of criminal hackers is using fileless malware that makes ATMs dispense cash and then deletes itself from the machine. The ATM attacks are the work of a group of cyber offenders that has specialized in hacking banking networks and has been active for years. Since the start of 2016, this group has switched to hacking banking networks and government agencies in at least 40 countries using fileless malware and legitimate Windows applications. These attacks were carried out with stealthy techniques that left a minimal footprint on the infected servers. As a result, security analysts have not been able to trace the infection method. The researchers suspected that the hackers aimed to steal data from the infected machines, but they were not able to identify what kind of data the offenders stole.


Hackers Attack Banking Servers To Get Control of ATMs

Malware researchers from a security firm reported the initial attack of this malware in February 2017. After that, some clues about these attacks came to light. The analysts believe they have uncovered the hackers’ purpose in breaking into bank portals. At the Security Analyst Summit (SAS) held in St. Maarten, the security experts said that the hackers used various exploits to break into the servers of several banks, where they used PowerShell malware and legitimate Windows applications to gain complete control over nearby systems. The malware’s main target is the system used to manage the bank’s ATM network. To connect to the ATMs, the crooks use that system’s remote management feature over Remote Desktop Protocol (RDP). A new breed of ATM malware identified as “ATMitch” is then installed on the affected machines.

ATMitch Malware Responsible For Spitting Cash Out of ATMs

ATMitch reads its instructions from a local command.txt file, and each command is a single letter written in that file. Once a specific ATM is infected, the hackers upload instructions to command.txt, and the malware executes them on the machine, which makes the ATM spew out cash. When the attack ends, the malware deletes itself and cleans up all its associated files, which makes it almost impossible for experts to track down the hackers. More interestingly, the malware accidentally left one of its files, named “tv.dll”, on the affected ATM. After investigating this file in depth, the security analysts were able to identify how ATMitch works and discovered that it belongs to the same group of malware the offenders used to hack banking servers.
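For defenders, the sequence described above (an RDP session to the ATM, the instruction and library files appearing, then cleanup) can be hunted in endpoint telemetry. The following is an added example, not code from the researchers or from this article's source; the event format, host names, addresses, paths and the 30-minute window are constructed assumptions, and only the two file names come from the article.

```python
from datetime import datetime, timedelta

# File names come from the article; paths, hosts, IPs and times are constructed.
WATCHED = {"command.txt", "tv.dll"}
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed sample events: (time, host, kind, detail).
SAMPLE = [
    ("2017-02-01T02:10:00", "atm-017", "rdp_logon", "10.0.5.20"),
    ("2017-02-01T02:12:30", "atm-017", "create", r"C:\constructed\tv.dll"),
    ("2017-02-01T02:13:05", "atm-017", "create", r"C:\constructed\command.txt"),
    ("2017-02-01T02:19:40", "atm-017", "delete", r"C:\constructed\command.txt"),
    ("2017-02-01T09:00:00", "atm-022", "rdp_logon", "10.0.5.9"),
    ("2017-02-01T09:05:00", "atm-022", "create", r"C:\constructed\journal.log"),
    ("2017-02-01T11:00:00", "atm-031", "create", r"C:\constructed\command.txt"),
]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def correlate(events, window=WINDOW):
    """Map host -> finding for ATMs where a watched file was created."""
    last_rdp, findings = {}, {}
    for ts, host, kind, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        if kind == "rdp_logon":
            last_rdp[host] = (t, detail)  # remember session start and source
            continue
        name = basename(detail)
        if name not in WATCHED:
            continue
        if kind == "create":
            f = findings.setdefault(
                host, {"files": set(), "rdp_source": None, "cleaned_up": False})
            f["files"].add(name)
            rdp = last_rdp.get(host)
            if rdp and t - rdp[0] <= window:
                f["rdp_source"] = rdp[1]  # drop happened inside an RDP window
        elif kind == "delete" and name in findings.get(host, {}).get("files", ()):
            findings[host]["cleaned_up"] = True  # artifact removed after use
    return findings

def severity(finding):
    # RDP session, then drop, then cleanup is the full sequence the article describes.
    return "high" if finding["rdp_source"] and finding["cleaned_up"] else "review"

if __name__ == "__main__":
    for host, f in correlate(SAMPLE).items():
        print(host, severity(f), sorted(f["files"]), f["rdp_source"])
```

Because the malware removes its own files, the delete events matter as much as the create events: a host that only ever shows the files being created still warrants review, but the create-then-delete pattern shortly after an RDP logon is the stronger signal.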
