
Skimer

Posted: July 1, 2019

Skimer (also referred to as Ligsterac) was one of the first pieces of ATM malware, which showed malware researchers that cybercriminals might be adopting a new approach when it comes to attacking financial institutions – instead of targeting thousands of customers worldwide, they opted to create malware that targets ATMs.

ATM malware works by allowing the attacker to control the malware and make it dispense cash while ignoring the bank's safety checks. Often, operating such malware requires physical access to the ATM device since the attacker would need to plug an infected USB drive into the ATM's USB port.

The Operators Use a 'Magic Card' to Authenticate Themselves

Skimer's configuration is rather unusual since the attackers use an innovative method to 'authenticate' themselves with the infected ATM, as well as to ensure that the malware stays under the radar. Every Skimer sample is configured to work during a specific time frame, and it will shut itself off after those particular hours. Furthermore, to access Skimer's controls, the attackers have to insert a pre-made 'magic card', a bogus credit card that uses a specific number and credentials that serve as authentication for the Skimer malware. Once this card is inserted during the 'working hours' of the malware, Skimer will prompt the attackers to enter one of the 21 codes that correspond to various commands supported by Skimer:

  • Dispense 40 bank notes from a selected cassette.
  • Begin the process of skimming the credit card data of used cards.
  • Exfiltrate the skimmed credit cards.
  • Enter debug mode.
  • Self-removal.
  • Automatic updates.

These are just some of the primary commands that the attackers are likely to use, but there are at least a dozen other actions that the Skimer malware can execute.

The first samples of Skimer were detected back in 2009, and ATM malware has developed a lot since then – nowadays criminals tend to stay away from the 'skimming' part, and prefer a fast cash grab by dispensing the infected ATM's cassettes.
