Cybercriminals have gamified the ATM jackpotting experience with a malware variant dubbed WinPot which includes a slot machine-like interface.

The graphics are a node to the popular term ATM-jackpotting techniques designed to empty ATMs minor modifications just as WinPot does when it infects a target system, according to a Feb. 19 Kaspersky Lab blog post.

The malware displays cassettes and has a reel numbered 1 to 4 (4 is the max number of cash-out cassettes in an ATM) and a SPIN button along the number of bank notes in each cassette. Upon pressing the button the ATM dispenses cash from the corresponding cassette.

The malware includes modifications to trick the ATM security systems using protectors or other ways to make each new sample unique, overcome potential ATM limitations like maximum notes per dispense, found ways to keep the money mules from abusing their malware, and improve the interface and error-handling routines.

“Automation of all kinds is there to help people with their routine work, make it faster and simpler,” researchers said. “Although ATM fraud is a very peculiar sort of work, some cybercriminals spend a lot of effort to automate it.”

Researchers spotted the malware for sale on the dark web for approximately $500 – $1,000 depending on the offer.