Most of the world's ATMs are running on Windows XP operating system, which is highly vulnerable to Malware attacks. Just like your Desktop Laptops, some ATMs also have USB sockets, which is hidden behind the ATM's fascia.
The German security researchers who discovered the hack detailed their findings at the Chaos Computing Congress in Hamburg, Germany recently. They said that the thieves cut holes in the fascia to access a USB port and then uploaded malware to the machines.
The malware creates a backdoor that can be accessed on the front panel. "These researchers explained that the malware allowed the thieves to create a unique interface on the ATMs by typing in a 12-digit code. This interface allowed for withdrawal and also showed the criminals the amount of money and each bill denomination inside the machines. This meant the thieves could save time by only taking the highest value bills." Dara Kerr from CNET news reported.
Once the thieves finished their theft at a cash machine, they would patch up the hole to allow the same exploit to be used on other machines. This indicates that the criminal crew is highly familiar with the ATMs mechanism.
The malware does not appear to harvest customer PINs or other sensitive data and now some banks have upgraded their ATMs to prevent them from booting from external USB drives.
