Cyber crooks using Chinese malware to hack into and steal money from ATMs

Technology > Security


The new-age cyber criminal doesn't need your bank cards or account details to get a cash machine to spit out money. Using malware, they can hack into an Automated Teller Machine (ATM) and empty it out within minutes. Security agencies have cautioned the banking sector with cases of ATM breach, which do not require cards or breaking into the hardware, coming to light in parts of the country.

According to investigators, a Chinese software - Rufus - is being used by criminals to access cash dispensers and loot money. Instances have been reported in Odisha, West Bengal, Bihar and Gujarat. State police departments have written to the Reserve Bank of India, informing about this loophole in the ATM security system.

Sources say cyber criminals are exploiting outdated software being used in ATMs. The compromised cash machines were found to be running on the moth-eaten Microsoft Windows XP operating system. The RBI during the global WannaCry ransomware attack last month advised ATM operators to upgrade their system.

"We have so far found that this malware only targets ATMs working on Windows XP, which is prone to hacking given its low security," said Cuttack deputy commissioner of police (DCP) Sanjeev Arora.

The spate of hacking incidents started in the Odisha city when Rs 17 lakh was withdrawn from an ATM and similar reports started pouring in from other parts of the state, with damages mounting to Rs 40 lakh.

The cyber crime branches of West Bengal and Bihar police confirmed to Mail Today about net crooks adopting this modus operandi. A senior officer in West Bengal said his team is consulting cyber crime experts to crack such cases.

Last year ATM machines were targeted with a similar ploy in Bihar's Patna, Begusarai and Jehanabad.


Investigations revealed that the hackers went to unguarded ATMs at night. The machines were subjected to a "physical" malware attack by inserting an infected pen drive in the dispenser's USB port to transfer the malicious file, causing the machine to behave erratically.

"Our probe uncovered that criminals used a key to open the upper compartment of the ATMs where the computers were located. Using an infected USB drive malware was transferred and the systems were rebooted. Once they got restarted, the systems would get de-linked from the main servers of the service provider. The malware when used on an ATM generates a code, which the crooks send to their gang members, who convert the code to a password, and as soon the password is applied the ATM dispenses cash," Arora told Mail Today.

The officer explained that banks would not immediately learn about the crime as crooks bypass the server and the hackers swiftly walk away without raising an alarm.

Security agencies also point out that off-site ATM vendors are violating rules and are not ensuring adequate virtual and physical security of the machines, leading to such crimes.


"The government and RBI should make ATM manufacturers compulsorily install new and robust operating systems," said Mumbai-based cyber lawyer and expert Prashant Mali. "If the government plans to increase the number of ATMs, then it should ensure that they are available whenever needed. In recent cases, we have seen ATMs going down due to attacks. It not only deprives a user from withdrawing money but also exposes them to cyber criminals."

Sources say following such incidents, banks have ordered a forensic audit. But neither they nor ATM manufacturers have confirmed whether a software malfunction caused the glitch.

Makers of cash dispensers have denied that any security loophole exists from their end, but acknowledged that certain cases have come to their notice though these are not widespread.

According to sources, the Reserve Bank of India is aware of the situation and is closely working with National Payments Corporation of India to tell banks what security steps are required to protect the machines.

State police officials have asked the RBI to instruct banks to incorporate latest security features in the ATMs.

Photo by: mrganso / Pixabay