Microsoft has announced support for Windows XP operating system will end after April 8th. Apparently %95 of the world’s 3 million ATM machines run on Windows XP. Microsoft’s resignation from Windows XP puts a huge security risk on financial institutions and hundreds of thousands of large corporations.
Popular security firm, Symantec, reported that hackers can maliciously exploit a vulnerability in Windows XP based ATM’s. Exploiting the vulnerability allows hackers to withdraw cash simply by sending an SMS message to a comprised ATM machine.
The malware infecting ATM machines is named Plotus. Symantec reported “What was interesting about this variant of Ploutus was that it allowed cybercriminals to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible but this technique is being used in a number of places across the world at this time.”
Malicious hackers can install the malware into the ATM’s in two separate ways. Method one is opening the top latch and connecting a wireless keyboard into a USB port. Method two is connecting the hackers phone via a USB port inside the machine. Once connected hackers will need USB tethering enabled, and can then initiate a shared internet connection, allowing SMS commands to interact with the ATM machine directly. Once the malware is installed, hackers can exploit the machine and funnel money straight out of the machine. Any cash inside the ATM machine can be removed directly by a piece of malware living inside, this means the physical appearance of the machine will not change or appear damaged.
Plotus is not a new form of malware, in was found installed on ATM’s in Mexico in 2013. It allowed hackers to simply rob the machine, again, with just a simple text message. There are various forms Plotus worldwide affecting a number machines. Some forms attempt to steal customers card and PIN data, while others attempt Man-in-the-Middle attacks.
As the malware is global, it can be installed on any ATM running XP worldwide.