
INJX_Pure

Posted: August 17, 2020

Malware does not always need to be compatible with hundreds of different devices to spread around the entire world. Often, cybercriminals prefer to dedicate their time, resources, and expertise to developing a piece of malware that only targets specific infrastructure. This is the case with INJX_Pure, a piece of malware first reported in 2019 that appeared to target ATM (Automated Teller Machine) devices in Colombia and Mexico. However, not enough data has been gathered to determine whether:

  • The criminals originate from those countries.
  • The malware is being sold or rented out by an unknown malware developer who has clients in these regions.

INJX_Pure, also known as ATMJaDi, has impressed cybersecurity experts with its tailored design – samples of the malware were compatible with ATMs of a specific make and model only, and they often targeted the ATMs of a particular bank. ATM malware usually needs to be run manually on the targeted device, which means the cybercriminals would need physical access to it – this explains why the ATMs they target are likely to be in secluded areas. Once installed and activated, the INJX_Pure implant greets the operator with a 'Welcome Screen' that contains the message 'Freedom and glory' in multiple languages – this is believed to be an element meant to cause confusion about the origin of the creators.

Cybercriminals might be Commanding the INJX_Pure Implant via a Compromised Bank Computer

INJX_Pure automatically sets up an HTTP server and can then use it to accept commands over the Internet. However, there is a catch – ATMs are not connected to the public Internet the way a home computer is. They are connected only to the bank's network – this likely means that the criminals have not only managed to plant malware on an ATM, but have also compromised the network security of the ATM's bank.

The attacker is able to command the ATM to perform the following tasks:

  • Dispense a specific cassette or all cassettes.
  • Run a piece of code on the ATM.
  • Get a list of all Java classes running on the compromised machine.
  • Load more malware via '.jar' Java files.
  • Send remote commands to be executed via the 'Command Prompt.'
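The two passages above describe an implant that opens its own HTTP listener on the ATM and, being Java-based, loads additional '.jar' files. From a defender's side, the simplest host-level check that follows from that description is a baseline comparison: enumerate listening TCP sockets on the ATM, map each to its owning process, and flag anything not in the expected image. The script below is an added example written for this page and is not code from the original write-up or from the malware itself. The `netstat -ano` and `tasklist` output it parses is constructed sample data, and the `EXPECTED_LISTENERS` baseline, the host address 10.20.30.40, the process name `AtmAgent.exe` and port 8080 are all assumptions standing in for a real ATM image's own baseline.

```python
"""
Added example (not part of the original write-up): flag unexpected listening
sockets on a Windows ATM host, the kind of foothold an implant that "sets up
an HTTP server" would leave behind.  The inputs below are constructed to look
like `netstat -ano` and `tasklist` output; the allow-list of expected
listeners is an assumption that a real deployment would fill in from its own
golden image.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of `netstat -ano` output (assumed host 10.20.30.40).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.20.30.40:8080       0.0.0.0:0              LISTENING       3124
  TCP    10.20.30.40:49701      10.20.30.1:443         ESTABLISHED     2208
"""

# Constructed sample of `tasklist` output mapping PIDs to image names.
# `AtmAgent.exe` is a hypothetical name for the bank's own ATM software.
TASKLIST_SAMPLE = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System                           4 Services                   0        148 K
svchost.exe                    912 Services                   0      9,208 K
AtmAgent.exe                  2208 Console                    1     42,112 K
java.exe                      3124 Console                    1     88,600 K
"""

# Assumed baseline: (image name, port) pairs the ATM image is expected to
# have listening.  Everything else is reported.
EXPECTED_LISTENERS = {
    ("System", 445),
    ("svchost.exe", 135),
}

# Only TCP sockets in LISTENING state; IPv4 or bracketed IPv6 local address.
NETSTAT_RE = re.compile(
    r"^\s*TCP\s+(?P<addr>[\d.]+|\[[^\]]+\]):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)
# Data rows of `tasklist`: image, PID, session name, session number, memory.
TASKLIST_RE = re.compile(r"^(?P<image>\S.*?\S)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")


@dataclass(frozen=True)
class Listener:
    image: str
    pid: int
    address: str
    port: int


def parse_tasklist(text: str) -> dict[int, str]:
    """Map PID -> image name from `tasklist` output; header rows are skipped."""
    pids: dict[int, str] = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if m:
            pids[int(m.group("pid"))] = m.group("image")
    return pids


def parse_listeners(netstat_text: str, pid_to_image: dict[int, str]) -> list[Listener]:
    """Collect LISTENING TCP sockets and attribute each to its owning process."""
    listeners: list[Listener] = []
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        pid = int(m.group("pid"))
        image = pid_to_image.get(pid, f"<unknown pid {pid}>")
        listeners.append(Listener(image, pid, m.group("addr"), int(m.group("port"))))
    return listeners


def unexpected_listeners(listeners: list[Listener], expected=EXPECTED_LISTENERS) -> list[Listener]:
    """Return listeners whose (image, port) pair is not in the baseline."""
    return [l for l in listeners if (l.image, l.port) not in expected]


def report(netstat_text: str = NETSTAT_SAMPLE, tasklist_text: str = TASKLIST_SAMPLE) -> list[str]:
    """One finding line per unexpected listener.  A Java process with its own
    listener is rated higher because the write-up describes a Java-based
    implant that serves HTTP and loads further .jar files."""
    findings = []
    for l in unexpected_listeners(parse_listeners(netstat_text, parse_tasklist(tasklist_text))):
        severity = "HIGH" if l.image.lower().startswith("java") else "MEDIUM"
        findings.append(f"[{severity}] {l.image} (pid {l.pid}) listening on {l.address}:{l.port}")
    return findings


if __name__ == "__main__":
    for finding in report():
        print(finding)
```

On the constructed sample the only finding is the `java.exe` listener on port 8080. In practice the check is only as good as the baseline: the allow-list has to be taken from a known-clean ATM image rather than from the running machine, and the comparison should be repeated at the host level (the page notes the implant is reachable only across the bank's own network, so network-side monitoring alone would miss it).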

Malware attacks against ATMs are very uncommon, and only a handful of cybercrime organizations are able to carry them out successfully.
