Cybercrime group targets ATM networks

A global cybersecurity firm has warned of a family of malicious software that could infect the core of an ATM card, thus posing even more advanced threats to Philippine banks and customers.

In a statement issued Wednesday, Kaspersky Lab raised the alarm regarding programs from the Skimer family, a malware that was detected to have resurfaced in 13 locations globally, including the Philippines.

The Skimer group, it explained, would start its operations by getting access to the ATM system, either through physical access or via the bank’s internal network. After successfully installing a certain malware into the system, it then begins to infect the core of an ATM. Kaspersky Lab products detected this threat as Backdoor.Win32.Skimer.

“The criminals then have full control over the infected ATMs. But they tread carefully and their actions are skillful. Instead of installing skimmer devices, which are fraudulent look-alike card reader over the legitimate reader, to siphon card data, they turn the whole ATM into a skimmer. With the ATM successfully infected with Backdoor.Win32.Skimer, criminals can withdraw all the funds in the ATM or grab the data from cards used at the ATM, including the customer’s bank account number and PIN code,” Kaspersky Lab explained.

“A scary thing is that there is no way for common people to distinguish infected ATMs. They don’t have any physical signs of being malicious, unlike in cases with a skimmer device when an advanced user can discover if it’s replacing a real card reader of a machine Skimer guys do not start acting immediately—they are very careful about hiding their tracks. Their malware may operate on the infected ATM for several months without undertaking any activity,” it added.