Ploutus the Trojan who steals money from ATMs by SMS

In the middle of last year, Symantec detected a Trojan called Backdoor.Ploutus that allows an attacker to withdraw money freely from ATMs. Once the ATM system is infected, the attacker can use an external keyboard, or even the ATM's own keypad, to execute a series of commands that release the banknotes.

This is not a proof of concept or something that only works in the lab; it is already operating in the real world. It has been detected in countries such as Mexico, and there are versions of the malware translated into English.

But infecting an ATM with Ploutus is not so easy, since physical access is required to boot from a CD or USB drive, and only authorized bank staff are supposed to have that access. Still, it would not be surprising if cybercriminals found other ways to achieve it.

It is said that more than 90% of the ATMs in the world run Windows XP, an operating system from 2001 that in a few days, on April 8, 2014, will no longer receive support. In other words, new vulnerabilities found in the system will no longer be patched by Microsoft.

Although the versions of XP used in ATMs may have an extra layer of protection, without support they will become vulnerable to various kinds of attacks that many cybercriminals probably already have prepared. Some financial institutions are already migrating their systems to Windows 7 and 8; others are negotiating with Microsoft for extended support.

Withdrawing money from the ATM by SMS:

A few days ago Symantec published details of a new variant of Ploutus that can be controlled by SMS. Like its predecessor, it requires physical access to install the Trojan and, in addition, to connect a cell phone to the ATM's USB port:

1- The Trojan and the cell phone are installed inside the ATM (requires physical access)
2- Certain commands are sent by SMS
3- The Trojan is activated and a certain amount of money is released

In this way, the attacker simply has to send text messages with the appropriate commands for the Trojan to do its job. This more advanced scheme lets the attacker keep remote control of the ATM and send a mule to collect the cash.

In the world of cybercrime, mules are people who move money from one place to another in exchange for a commission, often without knowing that they are taking part in a crime. In this way the real criminals avoid being caught, or at least make the investigators' work harder.

As I mentioned before, these attacks are not science fiction; they are happening right now. See Symantec's post for more details and a short video showing how it works.

On the subject of ATMs and the security of your money, I recommend the following articles:

– Did you know that your card can be cloned when you use an ATM?
– Beware of fake payment terminals