Collaborate Disseminate
A new CactusPete campaign shows that the group’s favored types of target remain the same. The victims of the new variant of the Bisonal backdoor were from financial and military sectors located in Eastern Europe. Continue reading CactusPete APT group’s updated Bisonal backdoor
There were no readily available tools to analyze how the program written in Harbour works. So, we wrote our own. We hope this decompiler makes analyzing samples written in Harbour a little bit easier for others as well. Continue reading How we developed our simple Harbour decompiler
When we first discovered ATMDtrack, we thought we were just looking at another ATM malware family. Now we can add another family to the Lazarus group’s arsenal: ATMDtrack and Dtrack. Continue reading Hello! My name is Dtrack
In spring 2019, we discovered a new ATM malware sample written in Java that was uploaded to a multiscanner service from Mexico and later from Colombia. After a brief analysis, it became clear that the malware, which we call ATMJaDi, can cash out ATMs. Continue reading Criminals, ATMs and a cup of coffee
In March 2018, we came across a fairly simple but effective piece of malware named WinPot. It was created to make ATMs by a popular ATM vendor to automatically dispense all cash from their most valuable cassettes. We called it ATMPot. Continue reading ATM robber WinPot: a slot machine instead of cutlets
In May 2017, Kaspersky Lab researchers discovered a forum post advertising ATM malware that was targeting specific vendor ATMs. The forum contained a short description of a crimeware kit designed to empty ATMs with the help of a vendor specific API, without interacting with ATM users and their data. The price of the kit was 5000 USD at the time of research. Continue reading ATM malware is being sold on Darknet market
While some criminals blow up ATMs to steal cash, others use less destructive methods, such as infecting the ATM with malware and then stealing the money. We have written about this phenomenon extensively in the past and today we can add another family of malware to the list – Backdoor.Win32.ATMii. Continue reading ATMii: a small but effective ATM robber