A new piece of ATM malware has hit the streets, and it’s called Suceful. It appears to have been created in August 2015, and it is unclear whether it is still under development or has already been actively deployed. Security firm FireEye is researching Suceful and discovered it on VirusTotal, a website used to analyze users’ files for viruses. FireEye believes that Suceful is not currently in use. The malware was in a file uploaded by a user in Russia, and FireEye says its capabilities are impressive.
According to the security firm, Suceful is capable of reading data from the payment card’s magnetic stripe and chip, and of disabling ATM sensors. The malware, which attackers can control from the ATM’s PIN pad, also includes a feature that hasn’t been seen in other such threats: it can retain and eject inserted cards to allow fraudsters to physically steal them.
The malware communicates with the ATM hardware via XFS, a standard that provides a client-server architecture for devices used in the financial industry, such as ATMs and electronic payment systems.
The most interesting part of this malware is that attackers can instruct the ATM to keep the card inside the machine. Once the victim walks away, the attacker can go to the machine and key in a code to retrieve the card. The attacker then has physical possession of the card along with the PIN already lifted by the software.
“Suceful is the first multi-vendor ATM Malware targeting cardholders, created to steal the tracks of the debit cards but also to steal the actual physical cards, which is definitely raising the bar of sophistication of this type of threats,” FireEye researchers wrote in a blog post.
Again, FireEye still believes Suceful is under development and has yet to be deployed in the real world. Hopefully this information has been released in time to get ahead of any potential attacks. FireEye believes Suceful was written specifically to target ATMs made by Diebold and NCR. Take a look at the videos below to see how criminals target ATMs.
Thanks for the tip, Jeff!