A malware that had been discovered in ATMs in Mexico has improved and translated into English, suggesting that it can be used elsewhere, according to the security company Symantec.
There are two versions of malware Ploutus. Both as we had published were previously built to empty ATMs.
Unlike most malware, to Ploutus can be installed in a rather old-fashioned way: with a bootable CD on system of the ATM running Microsoft Windows. The installation method suggests that cyber criminals are targeting autonomously ATMs where access is easier.
Ploutus displays a graphical user interface, which helps the hacker to pass a numerical sequence on the ATM's keypad and thus the malware can be controlled by a keyboard, said o Daniel Regalado, a malware analyzer for her Symantec.
Ο Kevin Haley, διευθυντής της Symantec Security Response, δήλωσε σε συνέντευξή του νωρίτερα αυτό το μήνα ότι οι επιτιθέμενοι έχουν βαθιά γνώση του λογισμικού αλλά και του υλικού που χρησιμοποιείται στα ATMs.
The Ploutus source code "contains Spanish operating names and bad English grammar indicating that malware has been encoded by Spanish-language developers," Regalado says.
But with a new release, Regalado reported that Ploutus became much more powerful and translated into English, indicating that the same malware could be exploited in other countries than Mexico.
Symantec has already informed those who are programming the ATMs to change the boot order in the BIOS and to boot only from the hard disk and not from CDs, DVDs or USB sticks. It BIOS as the security company also mentions it should be password protected access.
Η Symantec has published a video showing the different ways to exploit malware.
Watch this