A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023.
"The ATM malware is hidden inside another not-malicious-looking program," Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News.
Besides requiring interaction via an external keyboard, the Windows-based ATM malware is also vendor-agnostic and is capable of infecting any teller machine that supports CEN/XFS (short for eXtensions for Financial Services).
The exact mode of compromise remains unknown, but Metabase Q's Dan Regalado told The Hacker News that it is likely that "attackers found a way to interact with the ATM via touchscreen."
FiXS is also said to be similar to another strain of ATM malware codenamed Ploutus that has enabled cybercriminals to extract cash from ATMs by using an external keyboard or by sending an SMS message.
One of the notable characteristics of FiXS is its ability to dispense money 30 minutes after the last ATM reboot by leveraging the Windows GetTickCount API.
The sample analyzed by Metabase Q is delivered via a dropper known as Neshta (conhost.exe), a file infector virus that is coded in Delphi and which was first observed in 2003.
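Because the payload is hidden inside an otherwise legitimate-looking program and arrives through a file infector that rewrites executables already on the machine, the practical defensive check is integrity monitoring of the ATM's executable set against a known-good baseline. The following script is an added example written for this article, not code from Metabase Q or from the malware analysis: it records the SHA-256 and size of every executable under a directory, then reports executables that were modified (the file-infector pattern, typically with size growth), added (a dropped binary) or removed. The directory layout, file names and appended bytes in `demo()` are constructed sample data, not indicators from the report.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# File types that an ATM golden image would normally lock down (assumption for this example).
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys"}


def hash_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of a file, read in chunks so large vendor binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Record hash and size of every executable under root, keyed by relative POSIX path."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            rel = path.relative_to(root).as_posix()
            baseline[rel] = {"sha256": hash_file(path), "size": path.stat().st_size}
    return baseline


def save_baseline(baseline: dict, out_path: Path) -> None:
    """Persist the baseline as JSON; in production this copy must live off the ATM, read-only."""
    out_path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def compare_to_baseline(root: Path, baseline: dict) -> dict:
    """Diff the current executable set against the baseline.

    A file infector rewrites an existing executable in place, so its signature is a
    'modified' entry whose size grew; a dropped payload appears as 'added'.
    """
    current = build_baseline(root)
    report = {"modified": [], "added": [], "removed": []}
    for rel, cur in current.items():
        old = baseline.get(rel)
        if old is None:
            report["added"].append(rel)
        elif old["sha256"] != cur["sha256"]:
            report["modified"].append({"path": rel, "size_delta": cur["size"] - old["size"]})
    for rel in baseline:
        if rel not in current:
            report["removed"].append(rel)
    return report


def demo() -> dict:
    """Constructed scenario: baseline a fake ATM software tree, then simulate an infection."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "vendor").mkdir()
        # Constructed placeholder binaries, not real vendor files.
        (root / "vendor" / "teller.exe").write_bytes(b"MZ" + b"\x00" * 100)
        (root / "vendor" / "xfs_helper.dll").write_bytes(b"MZ" + b"\x01" * 64)
        (root / "readme.txt").write_text("not an executable, so never tracked")
        baseline = build_baseline(root)
        save_baseline(baseline, root / "baseline.json")

        # Simulate a file infector appending constructed bytes to an existing executable.
        with (root / "vendor" / "teller.exe").open("ab") as fh:
            fh.write(b"CONSTRUCTED_APPENDED_PAYLOAD")
        # Simulate a dropped binary (constructed name, not an indicator from the report).
        (root / "dropped_example.exe").write_bytes(b"MZ" + b"\x02" * 10)

        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it once on a freshly imaged machine to produce the baseline and keep that JSON off the ATM; a scheduled comparison that reports any `modified` or `added` executable gives the signal the page describes, since a file infector changes the hash of a program whose name and location remain unchanged. Hash-based monitoring complements, rather than replaces, application allowlisting on the ATM.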
"FiXS is implemented with the CEN XFS APIs which helps to run mostly on every Windows-based ATM with little adjustments, similar to other malware like RIPPER," the cybersecurity company said. "The way FiXS interacts with the criminal is via an external keyboard."
With this development, FiXS becomes the latest in a long list of malware such as Ploutus, Prilex, SUCEFUL, GreenDispenser, RIPPER, Alice, ATMitch, Skimer, and ATMii that have targeted ATMs to siphon cash.
Prilex has since also evolved into a modular point-of-sale (PoS) malware to carry out credit card fraud through a variety of methods, including blocking contactless payment transactions.
"Cybercriminals who compromise networks have the same end goal as those who carry out attacks via physical access: to dispense cash," Trend Micro said in a detailed report on ATM malware published in September 2017.
"However, instead of manually installing malware on ATMs via USB or CD, the criminals would not have to go to the machines anymore. They have standby money mules that would pick up the cash and go."