Hackers Using Chinese Malware to Rob ATMs Using Outdated Windows XP

As technology progresses, it seems that hackers and hacking methods do too. It wasn’t that long ago when hackers had to steal your credit card info or your bank card itself to get the money out of your account. Now they don’t have to since the ATMs are just giving away money as soon as they get infected by the new malware.

Several security agencies have already warned banks that their ATMs are being breached and robbed. The thieves don’t have to break into the hardware, nor do they need to steal credit cards.

Instead, they use Rufus, a new Chinese software that makes the ATMs simply give up the money. Several reports of such thefts have already been received, and they came from many different places. West Bengal, Gujarat, Odisha, and Bihar were all affected by this new way of stealing the money.

According to some sources, the Rufus malware can exploit old and outdated ATM software. All of the affected ATMs were found to be still using the old versions of Windows XP. This was discovered despite the fact that they were notified about the system’s vulnerability to the WannaCry attack.

So far, only the ATMs with this software were affected, but that doesn’t guarantee that the others are completely safe either. This system is mostly targeted because it’s easy to hack. The first hacking incident apparently happened in Odisha city. Soon after, the reports from other areas started coming in as well.

The Bihar police and the West Bengal cyber crime branches confirmed that the attacks are the work of cyber criminals. The police are consulting cyber experts in an attempt to get any help that they can with cracking this case.

This isn’t the first time that something like this has happened either. The last ATM hacking case was reported last year, when similar strategies were used. Back then, the targets were Begusarai, Jehanabad, and Bihar’s Patna.

As for the method they used, it’s reported that the hackers are targeting unguarded ATMs during the night. They insert an infected pen drive into the ATM’s USB port, and that way they infect the machine with malware. The malware then restarts the system, which breaks the connection with the service provider’s servers.

The malware also generates a code after it’s used on the ATM, and that code can be translated into a password. When the password is entered, the ATM releases the money. The worst thing is that this kind of attack wouldn’t immediately raise the alarms, meaning that the hackers can do their thing and simply walk away.
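The sequence described above (a USB drive attached, a restart, a lost connection to the service provider’s servers, then cash released) can be correlated on the monitoring side so that it does raise an alarm. The following Python is an added example, not code from the article or from any ATM vendor; the event names, the record layout and the 15-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry. The (time, atm_id, kind) layout and the event
# names are assumptions for this example, not a real vendor log format.
SAMPLE_EVENTS = [
    ("2000-01-01 01:12:05", "ATM-A", "usb_storage_attached"),
    ("2000-01-01 01:13:40", "ATM-A", "os_boot"),
    ("2000-01-01 01:13:55", "ATM-A", "host_link_down"),
    ("2000-01-01 01:16:10", "ATM-A", "cash_dispensed"),
    ("2000-01-01 03:00:00", "ATM-B", "os_boot"),               # reboot with no USB attach
    ("2000-01-01 03:00:20", "ATM-B", "host_link_down"),
    ("2000-01-01 03:01:00", "ATM-B", "host_link_up"),
    ("2000-01-01 10:30:00", "ATM-C", "usb_storage_attached"),  # USB attach with no reboot
    ("2000-01-01 10:45:00", "ATM-C", "cash_dispensed"),
]

def detect(events, window=timedelta(minutes=15)):
    """Return (atm_id, time, finding) for each step of the USB -> reboot -> offline chain."""
    parsed = sorted((datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), atm, kind)
                    for t, atm, kind in events)
    state = {}      # atm_id -> progress through the chain
    findings = []
    for ts, atm, kind in parsed:
        s = state.setdefault(atm, {"usb": None, "rebooted": False, "offline": False})
        # A USB attach with no reboot inside the window is treated as unrelated.
        if s["usb"] and not s["rebooted"] and ts - s["usb"] > window:
            s["usb"] = None
        if kind == "usb_storage_attached":
            s["usb"], s["rebooted"] = ts, False
        elif kind == "os_boot" and s["usb"]:
            s["rebooted"] = True
            findings.append((atm, ts, "reboot_after_usb"))
        elif kind == "host_link_down":
            s["offline"] = True
            if s["rebooted"]:
                findings.append((atm, ts, "offline_after_usb_reboot"))
        elif kind == "host_link_up":
            # Simplification: a restored host link resets the chain for this ATM.
            s.update(usb=None, rebooted=False, offline=False)
        elif kind == "cash_dispensed" and s["rebooted"] and s["offline"]:
            findings.append((atm, ts, "offline_dispense_after_usb_reboot"))
    return findings

if __name__ == "__main__":
    for atm, ts, finding in detect(SAMPLE_EVENTS):
        print(ts.isoformat(sep=" "), atm, finding)
```

Each finding is a later stage of the same chain, so a monitoring team can alert on the first stage and escalate on the last.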

Partial blame lies with the ATM vendors for not ensuring adequate security for the machines, which is a major rule violation, as pointed out by the security agencies. Prashant Mali, a cyber lawyer from Mumbai, says that the government should make sure that ATM makers are installing decent security in their products.

He also says that the government’s plans to increase the number of ATMs should include enhancement of security. Otherwise, they wouldn’t be functional and available when needed. So far, the ATM makers have denied the existence of any security loopholes or other flaws.

Still, they admitted that several cases of malfunction have been noticed, but said that these aren’t widespread. The Reserve Bank of India is apparently also aware of this situation. It is working closely with the National Payment Corporation of India, and the plan is to instruct the banks on how to enhance their security.

