FireEye Labs has discovered a new piece of ATM malware that its researchers have named Backdoor.ATM.Suceful (the name comes from a typo made by the malware authors). It targets cardholders and is able to retain debit cards on infected ATMs, disable alarms, or read the debit card tracks.
FireEye researchers say that this is one of the most sophisticated pieces of malware and that it is capable of performing the following actions on Diebold or NCR ATMs:
- Reading all the credit/debit card track data
- Reading data from the chip of the card
- Control of the malware via the ATM PIN pad
- Retention or ejection of the card on demand: This could be used to steal physical cards
- Suppressing ATM sensors to avoid detection
- The malware is vendor independent, similar to Java’s “Write once, run anywhere” mantra. This means that it can run transparently on ATMs from multiple hardware vendors
FireEye says that SUCEFUL is the first multi-vendor ATM malware targeting cardholders, created to steal the tracks of debit cards and also the actual physical cards.