Russian ATM hackers arrested

Posted by   Virus Bulletin on   Dec 2, 2010

Gang used customized malware bought on hacker forum.

Police in the Siberian city of Yakutsk have arrested a gang of hackers who had installed malware on ATMs throughout the city.

The group of criminals appears to have had a very professional structure, with different members performing different roles within its organization. The writing of the malware was 'outsourced': a malware writer was recruited through a hacker forum to construct a piece of malicious code that would infect ATMs, thus allowing the criminals to gain access to the bank accounts of customers using the machines.

It is believed the gang had been successful in gaining control of all AMTs in the 200,000 population city. However, the gang was pulled up by the police before they managed to start putting their plan into full operation. According to the regional government, the hacker who wrote the malware has also been arrested.

More at HostExploit here.

Posted on 02 December 2010 by Virus Bulletin



Latest posts:

Subtle change could see a reduction in installation of malicious Chrome extensions

Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.

Paper: EternalBlue: a prominent threat actor of 2017–2018

We publish a paper by researchers from Quick Heal Security Labs in India, who study the EternalBlue and DoublePulsar exploits in full detail.

'North Korea' a hot subject among VB2018 talks

Several VB2018 papers deal explicitly or implicitly with threats that have been attributed to North Korean actors.

Expired domain led to SpamCannibal's blacklist eating the whole world

The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it effectively listing every single IP address.

MnuBot banking trojan communicates via SQL server

Researchers at IBM X-Force have discovered MnuBot, a banking trojan targeting users in Brazil, which is noteworthy for using SQL Server for command and control communication.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.