A malware dubbed as Cutlet Maker is now for sale over the Dark Net which could be used to crack ATMs in as fast as 60 seconds.

ATMs nowadays become targets of cyber-criminals because of their increasing availability and vulnerability due to their conspicuous locations and lack of physical security.  A new method is now available to the public in just a meager amount of 5000 USD.

The attack starts by obtaining physical access to an ATM.  The attacker shall then expose its USB port and connect a hub which shall be the port for a wireless keyboard, mouse, and a flash drive which stores the Cutlet Maker malware package.

The package consists of three main files: Cutlet Maker, which is the main app used to interact with the ATM’s software APIs, Stimulator, an app to get the content of each of the ATM’s cash cassettes, and c0decalc, a code generator for the malware interface.

Once the devices are connected, the attacker can now run the Cutlet Maker malware.  The interface then asks for a code, which could be generated from c0decalc.  C0decalc serves as the copyright protection of the authors of the Cutlet Maker.

Cutlet Maker User Interface


The buttons on the Cutlet Maker interface functions as follows:

CHECK HEAT – dispenses one from the corresponding four ATM Cassettes

start cooking! – dispenses 60 notes in 50 different series

Stop – stops a “Start cooking!” process

Reset – resets the cash dispensing process

The attacker can then use the Stimulator to check the ATM balance.  The attacker receives exact information on the currency, value and number of notes in each cassette, so can then choose the one containing the largest amount, instead of blindly withdrawing cash one by one, and start dispensing money using the Cutlet Maker.

This type of malware does not affect bank customers directly, it is intended for the theft of cash from specific vendor ATMs.  CUTLET MAKER and Stimulator show how criminals are using legitimate proprietary libraries and a small piece of code to dispense money from an ATM.

Although the malware package seems fairly easy for anyone to use, even without novice hacking skills, the execution is difficult.  Accessing an ATM is simple, but breaching the machine and exposing its USB drive could trigger machine alarms or even be noticeable to security personnel.

For further security ATM vendors are advised to implement machine policies that will prevent unauthorized applications to be launched and will restrict connection of external devices to the ATM.  Anti-malware programs can also be utilized to detect future and different kinds of machine-modifying applications.


Manny Cuevas

My name is Manny Cuevas a Security Researcher / Engineer for about 15 years that focuses on Web and Mobile applications and other platforms from the Island of Sulu, Philippines. I’m also a scientist, inventor and a top ranked hacker in the world that bypass all security systems.



  1. Hey webmaster
    When you write some blogs and share with us,that is a hard work for you but share makes you happly right?
    yes I am a blogger too,and I wanna share with you my method to make some extra cash,not too much
    maybe $100 a day,but when you keep up the work,the cash will come in much and more.more info you can checkout my blog.
    good luck and cheers!

  2. I see your website doesn’t rank in google’s
    top 10, but your articles can get into top 10. You should find the right
    longtail keywords before you write an article.
    How to find super easy longtail keywords? Search in google for;
    Fasrixo’s tools

Leave a Reply to 2018Hulda Cancel reply

Your email address will not be published. Required fields are marked *