Software for unlimited cash withdrawals from ATMs can be bought on the darknet.





No, this is not culinary software at all. The "cutlet" in question is not the dish.



ATMs are specialized devices designed to carry out various financial transactions, including dispensing cash. As a rule, their control unit is a modified PC running Windows. Accordingly, these computers are exposed to malware written for the Microsoft operating system.



Until recently, cybercriminals wrote such software for their own use or sold it to a select few for huge sums. Now the situation has changed: software of this kind has become publicly available. Or rather, not quite publicly. Kaspersky Lab found that malware called Cutlet Maker, which has a single purpose, forcing ATMs of certain models to dispense cash in unlimited quantities, is freely sold on the darknet.



It cannot be done remotely, though. You need physical access to the machine, namely a connection to the system's USB port.





The screenshot shows a description of the malware as sold on the now-closed AlphaBay. The authors of the software have since switched to selling it through their own website.



Kaspersky Lab claims that the software offered by the cybercriminals is finding more and more customers. In particular, the attackers sell it on their own onion site, and attempts to sell it have been recorded on the underground forum "migalki.pw" and some other resources. At the same time, the price of the package is falling: it used to cost $5,000, and now there are also offers at $800–1,200.



The program is called Cutlet Maker. It consists of three modules. The first generates passwords for running the Cutlet Maker application, which prevents those who did not pay for it from using the software. The second is the Stimulator application, which shows the number and denomination of banknotes in the ATM cassettes. Thanks to it, the attacker does not have to guess how much money is in the ATM and in which cassette, and can immediately select the right one. The third element is the main module, which works with the cash dispenser.



Incidentally, the newer version of the malware no longer has a module that generates codes. Instead, code generation is carried out on the software developers' website.



To start the "work", the attacker must find the ATM's USB port. Because all such systems are standardized, connecting is not too difficult for an experienced attacker. The "cutlet" is designed to work with Wincor Nixdorf ATMs, so all a cybercriminal needs to do is study this company's ATM models and find out exactly where the USB port is located.





According to Kommersant, software of this kind previously cost at least $100,000. In the case of the "cutlet", we see a much lower price. And this is a genuinely working product, created by professionals.



"The 'cutlet' is unique in that it is not difficult to acquire, and besides, it is very affordable. If we consider that an ATM holds an average of 5 million to 10 million rubles, then it pays off in one theft," says Sergey Golovanov, a leading antivirus expert at Kaspersky Lab.





According to experts, if banks do not pay enough attention to this problem, then at the current price of the "cutlet" this software will be used en masse, which will lead to an increase in the number of thefts from ATMs.



"Despite the fact that banks, on average, pay a lot of attention to information security, attacks using such a 'set' can cause serious financial damage to some of them," said Valentin Krokhin.







There is one catch here. Banks do not consider ATM vulnerabilities to be their problem. According to representatives of such organizations, eliminating vulnerabilities is the responsibility of the ATM manufacturers. Since we are talking about Wincor Nixdorf systems, many banks may expect problems with their devices to be solved by Wincor. At the same time, since Wincor Nixdorf is the most common system in the Russian Federation and some other countries, it is necessary to act very quickly, before the problem becomes truly widespread.



To solve it, ATM manufacturers and banks should combine their efforts. Kaspersky Lab said that it protects the system from malicious software. But there is already evidence that KESS can be circumvented.


