October 16, 2024
North Korean hackers are using a new tool to steal cash from ATMs: a Linux variant of FASTCash malware. This malware has been used in some form since 2016 and has stolen tens of millions of dollars in cash through unauthorized withdrawals at ATMs, according to a report by Bleeping Computer.
The latest variant uses a shared library that is placed into a process on a payment switch server, an intermediary that communicates between ATMs and a bank's central systems. The malware alters transaction messages that decline withdrawals due to insufficient funds so that the withdrawals are approved instead.
When the bank receives the approval codes and the random amount of money, a mule is sent to collect the cash. Currently, this Linux variant is not detectable on VirusTotal.
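A host-side check for the technique described above, as an added example that is not from the report or from the original article: it parses the text of a process's `/proc/<pid>/maps` and flags executable shared libraries that are mapped from outside an expected set of directories or that have been deleted from disk while still loaded. The trusted directories, the process and library paths, and the sample data are constructed assumptions.

```python
import re

# Assumed policy: directories the switch process may legitimately load libraries from.
TRUSTED_LIB_DIRS = ("/usr/lib/", "/lib/", "/usr/lib64/", "/lib64/", "/opt/switch/lib/")

# Constructed sample in /proc/<pid>/maps format; all paths are hypothetical.
SAMPLE_MAPS = """\
55d0c1a00000-55d0c1a8f000 r-xp 00000000 08:01 393301 /opt/switch/bin/switchd
7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0
7f3a1c200000-7f3a1c3b5000 r-xp 00000000 08:01 131201 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c800000-7f3a1c812000 r-xp 00000000 08:01 524410 /tmp/.cache/libxfer.so
7f3a1ca00000-7f3a1ca09000 r-xp 00000000 08:01 524777 /opt/switch/lib/libiso.so.2 (deleted)
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
"""

SO_NAME = re.compile(r"\.so(\.\d+)*$")
DELETED = " (deleted)"


def suspicious_mappings(maps_text, trusted_dirs=TRUSTED_LIB_DIRS):
    """Return {library_path: reason} for executable .so mappings that look out of place."""
    findings = {}
    for line in maps_text.splitlines():
        # Fields: address, perms, offset, dev, inode, [pathname]
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        perms, path = fields[1], fields[5].rstrip()
        if "x" not in perms or not path.startswith("/"):
            continue  # only executable, file-backed regions matter here
        deleted = path.endswith(DELETED)
        clean = path[: -len(DELETED)] if deleted else path
        if not SO_NAME.search(clean):
            continue  # main executable or other non-library file
        if deleted:
            findings[clean] = "mapped library deleted from disk"
        elif not clean.startswith(trusted_dirs):
            findings[clean] = "library loaded from untrusted directory"
    return findings


if __name__ == "__main__":
    for lib, reason in suspicious_mappings(SAMPLE_MAPS).items():
        print(f"{reason}: {lib}")
```

On a live host the same function can be fed the contents of `/proc/<pid>/maps` for the switch process, read with sufficient privileges.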
In 2021, three North Koreans were indicted for allegedly stealing more than $1.3 billion from banks worldwide through such malware attacks.