
Cutlet

Posted: June 24, 2019

Cutlet is a Trojan toolkit that lets threat actors withdraw money from ATMs while bypassing the relevant security protocols. Since it's sold as a premium product on the Black Market, different criminal groups and individuals may deploy it, although it always requires physical access to the machine. Businesses can mitigate these attacks with steps such as narrowly-defined software whitelists and by keeping compatible anti-malware solutions in place for detecting and deleting Cutlet Trojans.

Can You Smell the Robbery that's Cooking?

Trojan businesses aren't solely about the threat actors that deliver them to new victims, but just as much about the programmers and software repackagers who create and sell Black Hat software. The commerce that goes on in the underground Web is well-demonstrated by Cutlet, an ATM-compromising Trojan that gives its operators 'free' money at the expense of the bank. Rather than being a tool that a specific entity employs, it's available on criminal (and, frequently, Russian) websites.

Notable elements of Cutlet's business model include factors outside of the program itself, such as an extremely in-depth series of tutorials. It offers model-specific information on accessing USB ports, recommendations for avoiding law enforcement, and even a dedicated 'simulation' application for testing attack strategies in contained, safe environments. Its support and usability are likely reasons why Cutlet has seen widespread use by multiple groups of threat actors over the years.

Cutlet's admin panel, the 'Cutlet Maker,' displays whimsical graphics of a cartoon meat patty and chef. Its interface carries the theme by describing its two options for withdrawing bills as 'check heat' and 'start cooking.' Unlike some ATM-based threats, malware experts note, Cutlet does require infecting the ATM itself, instead of compromising a separate computer and manipulating the Automated Teller Machine from there.

Getting the Bills Off the Grill

Although Cutlet's controls limit themselves to withdrawing bills in one of two quantities, threat actors can select any cassette slot of their preference. Malware analysts have yet to examine any version of Cutlet that functions outside of Diebold Nixdorf-brand systems. However, since that company is the dominant ATM manufacturer worldwide, this limitation is a minor one.

Employees can monitor physical access to their ATMs for signs of tampering, such as drilling or excessive access to ports. Software-based risk reduction can include blacklisting all unauthorized applications and regularly reviewing any programs that can use the Nixdorf proprietary API calls for module connection, cash dispensing, and cash transportation. Since Cutlet's code is now freely available, any interested party could deploy the Trojan in a new campaign.

Like other specialized Windows hardware, ATMs have compatible anti-malware services available from the cyber-security sector. As a precaution, workers should consider scanning their machines after any unexpected behavior, including unusual reboots or losses of network connection, that may signal the need for removing a Cutlet infection.

Cutlet's interface is a cartoonish and jovial display of culinary work, but robbery isn't very appealing to those who are losing the money. Its broader access to the criminal underground makes Cutlet even more relevant to the ATM industry than it was at its birth.
