Malware in ATM thefts able to delete itself if detected, says IT security expert

A virus or malware known as Backdoor.Padpin (ulssm.exe), which was used by the Latin American syndicate to steal about RM3 million from ATMs in Selangor, Johor and Malacca over the weekend, is able to delete itself if detected.

Described as a type of Trojan virus, the malware was designed to infiltrate the "back door" of the computer system within the teller machines.

According to a leading Internet security company, Symantec Security, the virus was first detected in May and is known to affect machines running the Windows XP and Windows 7 operating systems. It also has the ability to delete its own files if it fails to control or dominate the ATM, so as to avoid detection.

It also enables an attacker to use the ATM's PIN pad to submit commands to the Trojan. Once executed, the virus creates the ulssm.exe file, which can be placed in any folder on the compromised computer.

It has been discovered that the Trojan virus runs in the background until a specific code is entered on the ATM's PIN pad.

The Trojan virus was able to open a "back door" on the computer, thus allowing a hacker to make multiple withdrawals from the compromised ATM.

It is also able to select which cassette the ATM dispenses money from and to display cassette information such as the number of bills left, the denomination and the total amount per cassette.

It then temporarily disables the local network to avoid triggering alarms when money is withdrawn, extends the duration of the session in order to continue stealing money, and subsequently deletes itself from the compromised ATM.

It was reported yesterday that police have identified a Latin American gang as being behind the ATM hacking syndicate that has been stealing money from automated teller machines (ATMs) in Selangor, Johor and Malacca.

So far, police said, branches of Affin Bank, Al-Rajhi Bank and Bank Islam have been targeted.

Police today released several images of individuals suspected to be members of the gang and have launched a special operation called Ops Albatross to hunt them down. – September 30, 2014.