Threat Management, Malware

Researchers find new ATM jackpotting malware, possibly under development

Researchers have uncovered a new ATM jackpotting malware program that features a smaller system footprint and a simpler graphical user interface than its typical of its brethren.

Dubbed ATMJackpot, the malware, which forces ATMs to spit out money, looks to have originated from Hong Kong,  according to an Apr. 5 blog post from Netskope, whose Threat Research Labs team discovered the threat. Additionally, its binary features a time stamp of Mar. 28, 2018. "It is likely that this malware is still under development," writes Netskope blog post author Amit Malik.

Upon execution, ATMJackpot registers a window class, creates a window, populates options on the window and establishes a connection with the XFS (extensions for financial services) manager. At that point, the malware opens a session with the cash dispenser, card reader and PIN service providers, in order to monitor events and execute commands such as reading PIN data and withdrawing cash. Meanwhile, ATMJackpot's simplified GUI display shows the host name, as well as information related to the various service providers.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.