New ATM Theft Threat: No Card Or Skimmer Required

Posted On: 10/14/2014

TAGS: vending operator, automated teller machine, ATM theft, ATM operators, ATM security, Kaspersky Lab, Tyupkin

MOSCOW -- There is more bad news for ATM operators and users. Moscow-based global security firm Kaspersky Lab has uncovered a sophisticated piece of malware that allows criminals to use ATMs as their personal piggy banks. Called Tyupkin, the software permits so-called money mules (low-level criminal workers) to access machines at specific times using an intermittently changing code. Significantly, no counterfeit credit card or skimming device is required.

To access the cash, typically on a Sunday or Monday, the money mule approaches the machine and punches in a code at a given time. The thief then phones his boss for the response code that accesses the cash. Changing codes on a regular basis, experts noted, provides a security function that protects the ill-gotten gains from potentially greedy money mules. Because the malware is only "active" for a limited time, detection by banks is difficult.

Kaspersky Lab experts did not release details on how the malware is introduced into ATMs, but it is assumed that it is done via direct contact with the machine. So far, only bank ATMs have been victims of the insidious malware, though independent units are also at risk.

To date, more than 50 ATMs in Eastern European and Russian banks have been discovered carrying the malware, with the total theft estimated in the millions of dollars. While no infected ATMs have so far been discovered in the U.S., Kaspersky engineers believe the risk of the concept spreading is high.