Malware for Cryptocurrency ATMs Sold on Hacker Forums

With the rapid rise in the popularity of cryptocurrencies, specialized cryptocurrency ATMs have started to appear. These machines look similar to regular ATMs but operate somewhat differently. The main difference is that a cryptocurrency ATM connects not to a user’s bank account, but to a cryptocurrency exchange, where users can buy or sell digital currencies. The purchased cryptocurrency is then sent to the user’s crypto wallet. In other words, a cryptocurrency ATM is not a traditional ATM, but rather a terminal for accessing cryptocurrency exchanges.

While regular ATMs have long been a favorite target for hackers, there has been little information about attacks on their less common cryptocurrency counterparts. However, cybercriminals have now set their sights on cryptocurrency ATMs as well.

According to experts from Trend Micro, malware designed to attack cryptocurrency ATMs is being sold on underground forums. In addition to the malware itself, buyers also receive a card that supports EMV and NFC. According to the product description, the malware exploits a vulnerability in the service, allowing the illegal withdrawal of up to 6,750 euros, dollars, or pounds sterling in bitcoin. The price for this malware is $25,000.

The same seller also offers malware for regular ATMs that support the EMV standard. According to the description, by exploiting a vulnerability in the menu, the malware disconnects the machine from the network to deactivate the alarm system.

EMV is an international standard for chip-based bank card transactions. The main difference for users of EMV cards is the requirement to enter a PIN code for any payment through a terminal. However, if desired, the issuing bank can configure the chip card’s CVM list so that it requests a signature first instead of a PIN.