Bitcoin ATM Malware Found For Sale In The Dark Web!

[tsg]

Bitcoin ATM Malware Found For Sale In The Dark Web!


Dark Web vendors are now selling malwares specifically designed to target bitcoin ATMs, according to cybersecurity firm TrendMicro.

In the blog post, the cybersecurity firm cites an advertisement posted by an “apparently established and respected” user on a darknet forum. The malware reportedly exploits a service vulnerability of bitcoin ATMs that allows the user to receive bitcoins worth up to 6,750 in US dollars, euros, or pounds. At a cost of $25 000, the package includes, “a ready-to-use card that comes with EMV and near-field communication (NFC) capabilities.”

The seller has reportedly received over 100 online reviews both for the malware and other products. Another thread reveals that the seller is also offering regular ATM malware that has been updated for EMV standards, a global standard for credit and debit payment cards based on chip card technology. According to other comments on the thread, the malware works by exploiting a menu vulnerability to disconnect the bitcoin ATM from the network in order to disable alarms.


More https://app.algory.io/app/cryptonews/52071/bitcoin-atm-malware-found-for-sale-in


What do you think about it? Everything can be hacked? And is it only the matter of time when we see the news that XYZ hardware wallet has been hacked or sth like that?

[bob123]

What do you think about it? Everything can be hacked?

Everything can be hacked. It is just a matter of time and effort used to attack it.
As long as there vulnerabilities which can be found, there also will be black hats who are trying to find an exploit them.

ATM's (whether crypto or fiat) always has been a lucrative goal. These are basically money storing machines.

And is it only the matter of time when we see the news that XYZ hardware wallet has been hacked or sth like that?

Probably yes. I am sure that there are a lot of vulnerabilities in all wallets which just havn't been found yet.

The good thing about hardware wallets is that an attacker would need the device AND a vulnerability + exploit to steal funds.
Thats a big advantage compared to a desktop-/mobile- or web wallet, where a simple malware would be enough to steal your funds.

[cellard]

What do you think about it? Everything can be hacked?

Everything can be hacked. It is just a matter of time and effort used to attack it.
As long as there vulnerabilities which can be found, there also will be black hats who are trying to find an exploit them.

ATM's (whether crypto or fiat) always has been a lucrative goal. These are basically money storing machines.

And is it only the matter of time when we see the news that XYZ hardware wallet has been hacked or sth like that?

Probably yes. I am sure that there are a lot of vulnerabilities in all wallets which just havn't been found yet.

The good thing about hardware wallets is that an attacker would need the device AND a vulnerability + exploit to steal funds.
Thats a big advantage compared to a desktop-/mobile- or web wallet, where a simple malware would be enough to steal your funds.

Is the software for these ATM machines open source and in github somewhere?

I wouldn't trust these machines at all, they are probably keeping a log of all the movements and handling them to authorities to get your ass in trouble. And even if im against anything morally wrong like using malware to steal people's funds, it would be pretty stupid to use this malware anyway. These ATM machines are usually in malls, airports and other places literally filled with hidden cameras everywhere. Chances are whoever goes there to install the malware will get caught (assuming this cannot be deployed online somehow).

[buwaytress]

Careful with what you find there. Claims are often exaggerated to push up the value of that. I''m not an advocate for crime either, so would suggest you stay away from this at whatever cost. General Bytes response above says enough, ZD and TrendMicro should feel a bit sorry for themselves, although they never did report anything to say the claims were right, the FUD is enough.

If I were a researcher or part of a police sting with cash to burn, would love to test out that sort of claim though. 7k a pop means I only need to successfully steal 1.2 BTC once from one ATM to make up for my outlay. Would be very interesting to see if any of these BTC operators have experienced hacks. Can't find anything on clearnet, and with all the news on exchanges making headlines, probably expected that isolated atm hacks wouldn't make the news.

Also, would be very easy to mark stolen Bitcoin from those ATMs methinks. So even if they ended up getting hacked somehow...

MrBitco: any date on that response?

[bob123]

Is the software for these ATM machines open source and in github somewhere?

ATM's often do use some embedded windows as operating system 
Anything that runs on top is (most probably) not disclosed to the public.

I wouldn't be surprised if there were a ton of vulnerabilities which could be exploited with full access to the device.

I wouldn't trust these machines at all, they are probably keeping a log of all the movements and handling them to authorities to get your ass in trouble.

They definitely keep logs, such as timestamps, duration, withdrawal/deposit, camera, etc..

[TimeTeller]

Is the software for these ATM machines open source and in github somewhere?

ATM's often do use some embedded windows as operating system  
Anything that runs on top is (most probably) not disclosed to the public.

I wouldn't be surprised if there were a ton of vulnerabilities which could be exploited with full access to the device.

I wouldn't trust these machines at all, they are probably keeping a log of all the movements and handling them to authorities to get your ass in trouble.

They definitely keep logs, such as timestamps, duration, withdrawal/deposit, camera, etc..

Yes, it's not really surprising that such kind of activity is already on the works as we speak.
Illegal activities are always there and they are just looking for possible targets.
And currently, circulation of money in crypto market is very lucrative one, which makes it a good object of attack.
But, of course there will be counter-measures to address such possible hacks.

Or the other side of seeing this situation is what buwaytress stated.

[nc50lc]

I wouldn't call that "news".
Even regular ATMs got a bunch of "for sale" malwares and hacks available on the dark web, but most of them are fakes.
Are there any ATM hacking incidents lately in the news? Yes?

I'd say, this is just news-makers are just doing their jobs. Exaggerating little things.

[audaciousbeing]

Bitcoin ATM Malware Found For Sale In The Dark Web!


Dark Web vendors are now selling malwares specifically designed to target bitcoin ATMs, according to cybersecurity firm TrendMicro.

In the blog post, the cybersecurity firm cites an advertisement posted by an “apparently established and respected” user on a darknet forum. The malware reportedly exploits a service vulnerability of bitcoin ATMs that allows the user to receive bitcoins worth up to 6,750 in US dollars, euros, or pounds. At a cost of $25 000, the package includes, “a ready-to-use card that comes with EMV and near-field communication (NFC) capabilities.”

The seller has reportedly received over 100 online reviews both for the malware and other products. Another thread reveals that the seller is also offering regular ATM malware that has been updated for EMV standards, a global standard for credit and debit payment cards based on chip card technology. According to other comments on the thread, the malware works by exploiting a menu vulnerability to disconnect the bitcoin ATM from the network in order to disable alarms.


More https://app.algory.io/app/cryptonews/52071/bitcoin-atm-malware-found-for-sale-in


What do you think about it? Everything can be hacked? And is it only the matter of time when we see the news that XYZ hardware wallet has been hacked or sth like that?

I want to believe this should be a wake up call for entrepreneurs running bitcoin ATM services to be more updated concerning their security infrastructure as I hold the view that the compromise is from them and not bitcoin itself or else as it is expected that the ATM is connected to a storage somewhere that owns more than 6750 bitcoins for the hacker to be a beneficiary in which if not for the vulnerability in their own system, then the whole of Coinbase, Xapo or Blockchain.com that holds several amounts of bitcoin would have gone bankrupt by now.

Everyday hackers would always hack in which there is hardly anything anyone can do about it. Preaching, discouraging won't even stop it but the responsibility is service providers to ensure that their security is fool proof.