Researchers have uncovered a new ATM jackpotting malware program that features a smaller system footprint and a simpler graphical user interface than is typical of its brethren.
Dubbed ATMJackpot, the malware, which forces ATMs to spit out money, looks to have originated from Hong Kong, according to an Apr. 5 blog post from Netskope, whose Threat Research Labs team discovered the threat. Additionally, its binary features a time stamp of Mar. 28, 2018. "It is likely that this malware is still under development," writes Netskope blog post author Amit Malik.
Upon execution, ATMJackpot registers a window class, creates a window, populates options on the window and establishes a connection with the XFS (extensions for financial services) manager. At that point, the malware opens a session with the cash dispenser, card reader and PIN service providers, in order to monitor events and execute commands such as reading PIN data and withdrawing cash. Meanwhile, ATMJackpot's simplified GUI display shows the host name, as well as information related to the various service providers.
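Because the malware has to connect to the XFS manager before it can reach the dispenser, one defensive check is to flag any process that loads the XFS manager without being the ATM's approved application. The sketch below is an added example, not code from Netskope's post; it assumes the manager is loaded as `msxfs.dll`, and the event fields, paths and hash placeholders are constructed for illustration.

```python
from pathlib import PureWindowsPath

XFS_MANAGER = "msxfs.dll"  # assumed DLL name of the XFS manager

# Constructed allow-list: normalised image path -> expected file hash (placeholders).
ALLOWED = {r"c:\atm\app\atmapp.exe": "HASH-VENDOR-APP"}

# Constructed module-load events; the field names are hypothetical.
EVENTS = [
    {"host": "ATM-0001", "pid": 812, "image": r"C:\ATM\App\AtmApp.exe",
     "hash": "HASH-VENDOR-APP", "loaded": r"C:\Windows\System32\msxfs.dll"},
    {"host": "ATM-0001", "pid": 4020, "image": r"C:\Users\Public\AtmApp.exe",
     "hash": "HASH-UNKNOWN-1", "loaded": r"C:\Windows\System32\MSXFS.DLL"},
    {"host": "ATM-0002", "pid": 644, "image": r"C:\ATM\App\AtmApp.exe",
     "hash": "HASH-UNKNOWN-2", "loaded": r"C:\Windows\System32\msxfs.dll"},
    {"host": "ATM-0002", "pid": 900, "image": r"C:\Windows\explorer.exe",
     "hash": "HASH-EXPLORER", "loaded": r"C:\Windows\System32\user32.dll"},
]

def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return str(PureWindowsPath(path)).lower()

def classify(event):
    """Return None for benign events, otherwise a short reason string."""
    if PureWindowsPath(event["loaded"]).name.lower() != XFS_MANAGER:
        return None  # not an XFS manager load
    image = norm(event["image"])
    expected = ALLOWED.get(image)
    if expected is None:
        allowed_names = {PureWindowsPath(p).name for p in ALLOWED}
        if PureWindowsPath(image).name in allowed_names:
            return "allow-listed file name in unexpected directory"
        return "unlisted process loaded XFS manager"
    if event["hash"] != expected:
        return "allow-listed path but hash mismatch"
    return None

def find_suspicious(events):
    """Return (host, pid, reason) for every event that needs review."""
    return [(e["host"], e["pid"], reason)
            for e in events if (reason := classify(e))]

if __name__ == "__main__":
    for hit in find_suspicious(EVENTS):
        print(hit)
```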