News

AppGuard said to protect against new multivendor ATM malware

The companies say that their AppGuard solution has proven in live testing that it can prevent intrusion by the recently identified Backdoor.ATM.Suceful malware.

October 5, 2015

Blue Ridge Networks, a cybersecurity provider, and NuSource Financial, a provider of transaction solutions, said today in a press release that their integrated AppGuard solution can protect multivendor ATM fleets from Backdoor.ATM.Suceful, a newly discovered ATM malware program.

The malware operates by reading the magnetic strip on a credit or debit card, and retaining the card in the ATM while suppressing the machine's sensors. The card is retrieved later by fraudsters.

Unlike earlier forms of malware such as Ploutus or Tyupkin, Suceful is designed to work on both Diebold and NCR ATM systems by using a WOSA/XPS interface, NuSource said.

Based on live malware testing, AppGuard has been proven to prevent attack by Suceful malware, the release said. The solution uses USB and runtime protections to disrupt attempts by the malware to insert itself into the ATM's system.

AppGuard prevents exploits by known and unknown threats using patented isolation and containment technologies. The release said that these protections work even if the trust system is compromised by malware signed with stolen certificate keys.

"We feel confident in AppGuard's ability to protect our customer's ATMs from harmful malware like Suceful, before it has even hit the U.S. market," said Jon Erpelding, President of NuSource Financial.

The AppGuard team believes that Suceful is still in in its development phase, and that it eventually will be distributed as digitally signed malware in order to evade whitelisting solutions. Therefore, the team will continue to monitor the evolution of this malware, NuSource said.