Criminals will not let any way to cheat an ATM machine out of its cash, as it's one of the easiest way for them to get the hands on cash. ATM skimmers have now discovered a new and high-tech approach to target cash machines directly by inserting a physical notorious device into it instead.
According to the Chinese press, two Ukrainian men arrested in Macau for reportedly planting the malicious software program in the seven Macau bank ATMs. This could came out as the quickest method to hack the cash machines.
HACKING ATM MACHINES
The two accused were arrested this week by the authorities in Macau, a Chinese territory approximately west of Hong Kong, but the two are from Ukraine and had successfully stolen almost $100,000 by corrupting more than seven ATMs with a computer virus.
According to the authorities, the men allegedly used a green object device (as shown in the image) to carry out the money fraud. They first connected the device to a laptop and then inserted it in the card slot on the ATMs. The device used by the criminals resembles a circuit strip wider as credit card but much longer than it. After inserting the device physically into the ATMs card slot, the criminals successfully installed the malware that has ability to fetch customer's credit card information, including PINs.
Sources at the bank said once the device is inserted in the cash slot, it caused the malicious program running on the ATM machines to crash leaving the cash machine black. The machine would then restart, as soon as the device is removed. Now whosoever used the compromised ATM machine, became victim of the card fraud, as the hidden virus program started recording the cash card number, PINs and other information entered by customers.
CONVERTING COLLECTED INFORMATION INTO CASH
The suspects then returned to the ATMs after few days to gather the card information by using the same kind of green strips and then another special chip to destroy the evidence of the crime program. It is believed that the prisoner has accumulated at least 63 stolen card information.
The skimmers then used this cash card information to clone the cash cards. They primarily used to "write" the stolen data obtained from the magnetic stripe on the back of a card onto a new blank card to develop a cloned cash card and once a card has been cloned it is recognized by machines as the original card.
MALICIOUS USB ATTACK
Using physical device on Banks ATMs is not something new that the criminals have adopted. At the beginning of the year, a team of researchers at the Chaos Computing Congress in Hamburg, Germany has presented that how skimmers have been targeting cash machines directly using infected USB sticks.
BLUETOOTH ENABLED CREDIT CARD SKIMMERS
Also, in January this year, we reported about the Credit Card fraud in which the criminals stole users' banking information using Bluetooth enabled Credit Card Skimmers planted on the gas stations throughout the Southern United States. The skimming devices were internally installed in the gas station in such a way that it was undetectable to the people who paid at the pumps.
CLONING CHIP-N-PIN PAYMENT CARDS
After the largest data breach at the U.S. retailer Target, the payment card companies have become more serious in providing their users a secure credit and debit card. They also have launched Chip-n-PIN payment cards. But, Are they safe? Are they able to protect the financial information from payment card frauds?
Simply No! We have reported in our previous articles about two critical vulnerabilities the security researchers found in the Chip-n-PIN smart card payment system that makes EVM vulnerable to "pre-play" attack and the vulnerability could be exploited by the cybercriminals to clone the credit and debit cards in such a manner that even bank procedures won't differentiate between the legitimate and fraud transactions.