A Japanese cybersecurity firm has found ready-to-use Bitcoin ATM malware for sale online.
In the blog post, Trend Micro cites an advertisement posted by an “apparently established and respected” user on a darknet forum. For the price of $25,000, criminals could purchase Bitcoin ATM malware accompanied by a ready-to-use card with EMV and near-field communication (NFC) capabilities.
EMV chips were originally developed by leading credit card providers to store data on integrated circuits rather than magnetic stripes, while NFC enables two electronic devices to wirelessly exchange information.
The malicious software reportedly exploits a Bitcoin ATM vulnerability, which allows fraudsters to receive the BTC equivalent of up to 6,750 U.S. dollars, euros, or pounds. According to Trend Micro, the seller has received over 100 online reviews both for the malware and other products.
Another forum thread showed that the seller also offers regular ATM malware that has been updated for EMV standards. Further research reportedly revealed that the malware exploits a menu vulnerability to disconnect an ATM from the network in order to disable alarms. In conclusion, Trend Micro suggested:
“As long as there is money to be made — and there is quite a bit of money in cryptocurrencies — cybercriminals will continue to devise tools and to expand to lucrative new ‘markets.’ As the number of Bitcoin ATMs grows, we can expect to see more forms of malware targeting cryptocurrency ATMs in the future.”
Another recent study conducted by cybersecurity company Duo Security revealed a network of thousands of crypto-related scam bots on Twitter, advertising fake “giveaways.” The project involved 88 million Twitter accounts, with researchers using machine learning techniques to train a bot classifier. The classifier unearthed 15,000 bots spreading fake competitions and impersonating some of the cryptocurrency industry’s best-known figures and businesses.
In July, Valve Corporation removed a game from its Steam video game marketplace that allegedly hijacked users’ computers to mine Monero. Steam took action following complaints from a number of users who said that the game setup file seemed to include a Trojan virus and malware disguised as steam.exe processes and launcher.