The threat is real!

Doctor Web discovered the first virus for ATMs in Russia in March 2009—Trojan.Skimer. That same year our company developed an anti-virus for embedded computer systems (ATMs, terminals, multi-kiosks, and POS networks) that offers real-time protection from viruses — Dr.Web ATM Shield.

The cybercriminals developing this Trojan are constantly launching new versions of it.

Currently, the Dr.Web virus database contains more than 25 entries for malicious programs of this type.

To concoct new ways of stealing money from the public, cybercriminals take advantage of possible gaps in ATM security and the fact that ATMs lack anti-virus programs. They also count on ATM users being unaware that ATM Trojans can be embedded in ATM software.

Cybercriminals are using ATM Trojans—programs specifically created to steal money—on an increasingly wide scale.

Most modern ATMs run Microsoft Windows, mainly Windows XP, and Microsoft discontinued support for this OS in April 2014. Consequently, ATMs can be infected by the exact same malicious programs that penetrate home PCs, and the vulnerabilities of this OS are well known to criminals. Banking malware of this kind (ATM Trojans) is written specifically to steal money from ATMs or data from bank cards.

Criminals can infect ATMs with Trojans through the following routes:

  • A hacker-owned USB flash drive that has been plugged into an ATM; for this purpose, the hackers open ATM equipment compartments with a special key;
  • Employee removable data-storage devices that have been used for embedded systems maintenance.

Criminals get hold of bank card information in several ways: it can be sent to the Trojan’s control center, which can conceal itself in an infected bank corporate network; it can be written on a specially prepared plastic card; or it can be printed on a cheque.

The major danger of such ATM Trojans is that cybercriminals can use stolen information to make duplicates of bank cards and withdraw money from bank accounts—all because cardholders used an infected ATM.