Malware dubbed Cutlet Maker is now for sale on the dark net and could be used to crack ATMs in as little as 60 seconds.
ATMs have become targets for cyber-criminals because of their increasing availability and their vulnerability, which stems from their conspicuous locations and lack of physical security. A new method is now available to the public for just 5000 USD.
The attack starts by obtaining physical access to an ATM. The attacker then exposes its USB port and connects a hub, which serves as the connection point for a wireless keyboard, a mouse, and a flash drive that stores the Cutlet Maker malware package.
The package consists of three main files: Cutlet Maker, the main app used to interact with the ATM's software APIs; Stimulator, an app that reads the content of each of the ATM's cash cassettes; and c0decalc, a code generator for the malware interface.
Once the devices are connected, the attacker can run the Cutlet Maker malware. The interface then asks for a code, which can be generated with c0decalc. c0decalc serves as copyright protection for the authors of Cutlet Maker.
The buttons on the Cutlet Maker interface function as follows:
CHECK HEAT – dispenses one note from the corresponding four ATM cassettes
start cooking! – dispenses 60 notes in 50 different series
Stop – stops a “Start cooking!” process
Reset – resets the cash dispensing process
The attacker can then use Stimulator to check the ATM balance. The attacker receives exact information on the currency, value and number of notes in each cassette, and can therefore choose the cassette containing the largest amount instead of blindly withdrawing cash one by one, then start dispensing money using Cutlet Maker.
This type of malware does not affect bank customers directly; it is intended for the theft of cash from specific vendors' ATMs. Cutlet Maker and Stimulator show how criminals are using legitimate proprietary libraries and a small piece of code to dispense money from an ATM.
Although the malware package seems fairly easy for anyone to use, even without novice-level hacking skills, the execution is difficult. Accessing an ATM is simple, but breaching the machine and exposing its USB port could trigger machine alarms or be noticed by security personnel.
For further security, ATM vendors are advised to implement machine policies that prevent unauthorized applications from being launched and restrict the connection of external devices to the ATM. Anti-malware programs can also be used to detect future and different kinds of machine-modifying applications.
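The two policies recommended above can also be monitored for violations. The following is an added example, not code from the original article or from any ATM vendor: it assumes a hypothetical "timestamp|kind|detail" event format, a hypothetical allowlist and a five-minute correlation window, and runs over constructed sample events.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp|kind|detail" format.
SAMPLE_EVENTS = """\
2024-01-10T02:14:05|usb_attach|hub
2024-01-10T02:14:07|usb_attach|keyboard
2024-01-10T02:14:08|usb_attach|mass_storage
2024-01-10T02:14:40|process_start|E:\\tools\\unknown.exe
2024-01-10T09:00:00|process_start|C:\\ATM\\vendor_app.exe
2024-01-11T03:00:00|usb_attach|keyboard
"""

# Hypothetical allowlist: the only executables this ATM may launch.
ALLOWED_PROCESSES = {r"c:\atm\vendor_app.exe"}
WINDOW = timedelta(minutes=5)  # assumed correlation window


def parse(text):
    """Yield (timestamp, kind, detail) for each non-empty event line."""
    for line in text.strip().splitlines():
        ts, kind, detail = line.split("|", 2)
        yield datetime.fromisoformat(ts), kind, detail


def find_alerts(text, allowed=ALLOWED_PROCESSES, window=WINDOW):
    """Flag every external device and every process outside the allowlist."""
    alerts, recent_storage = [], []
    for ts, kind, detail in parse(text):
        # Keep only flash-drive attachments still inside the window.
        recent_storage = [t for t in recent_storage if ts - t <= window]
        if kind == "usb_attach":
            alerts.append((ts, "external-device", detail))
            if detail == "mass_storage":
                recent_storage.append(ts)
        elif kind == "process_start" and detail.lower() not in allowed:
            # An unapproved program right after a flash drive appears matches
            # the sequence described above, so it gets the higher-priority label.
            label = ("unauthorized-process-after-usb" if recent_storage
                     else "unauthorized-process")
            alerts.append((ts, label, detail))
    return alerts


if __name__ == "__main__":
    for ts, label, detail in find_alerts(SAMPLE_EVENTS):
        print(ts.isoformat(), label, detail)
```

On a production ATM any USB attachment is unexpected, so each one is reported on its own; the correlation only raises the priority of a process launch that follows a storage device.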