This malicious program reads and saves bank data as well as card account numbers. The Trojan intercepts and decrypts PIN codes after cardholders enter them via ATM keypads.
To maintain confidentiality, ATM manufacturers employ a special technology that facilitates the encrypted transmission of PIN codes entered into ATMs. PIN codes are never stored in plain text, not on the bank card, not in the ATM, and not on the servers of the bank that owns the ATM.
Trojans from the Trojan.Skimer family bypass this protection and use the ATM's software to decrypt PIN codes!
Another way to infect an ATM is to open its equipment compartment and then use a CD to install a Trojan from the Ploutus family. Once the ATM is restarted and the malicious service is launched, criminals can issue various commands to the Trojan, for example, to empty the container holding all the cash. Commands are issued via an embedded keypad. If the intruders manage to plug a mobile phone into the device’s USB port, they can issue commands to the Trojan remotely via special SMS messages!