Kaspersky, a well-known security company, reported yesterday that a new type of malware has been infecting Windows-based ATMs throughout Eastern Europe and is now spreading to other continents. Kaspersky named the malware “Backdoor.MSIL.Tyupkin.” It was first detected in January of this year. Although the exact amounts stolen in this manner have not been specified, it’s in the millions.
It seems the malware is not particularly sophisticated, albeit very effective. It must have been physically installed on the ATM. Using a bootable CD, the criminals were able to load the malicious software onto the machine. “Tyupkin” only becomes active at night and allows whoever is picking up the cash to see the contents of each money cassette and after entering special one-use-only code. The criminals can then withdraw money from the cassettes, 40 notes at a time. See the video below for a demonstration:
The malware is currently known to have spread to these countries, affecting over 50 ATMs worldwide.