Tyupkin is a Trojan that allows criminals to compromise ATMs and then withdraw up to forty bills in a single transaction. Although Tyupkin is most often seen in Russia, malware researchers have also confirmed Tyupkin infections in regions as far away as Malaysia and North America. Because Tyupkin is installed through physical access to the machine in question, proper physical security is essential to limiting Tyupkin's distribution and to preventing automated teller machines from giving 'free' money to criminals.
A Thief that Goes Straight to the Source
Although many finance-oriented threats prefer to steal from bank customers or 'skim' credit card details, Tyupkin is designed with a different target in mind: the physical banknotes stored in ATMs. Criminals install Tyupkin by breaking into an ATM's internal CD drive and loading a bootable CD that carries this threat. If Tyupkin fails to gain full control over the ATM's keypad, it deletes itself.
However, the newest variants of Tyupkin operate on a strict schedule and take basic security steps to keep normal ATM customers away from their cash-dispensing functions. Unless configured otherwise, Tyupkin only allows access on two days of the week, on Sunday and Monday nights. It also requires the person at the keypad to enter a specific unlock key based on a seed that Tyupkin displays on the screen. Since only Tyupkin's designers know the algorithm that turns the seed into the appropriate key, these precautions prevent both normal customers and security researchers from gaining full access to Tyupkin.
Once the criminals enter the key, Tyupkin allows them to view basic information on the currencies available in the machine and to withdraw up to forty bills from an internally stored cassette. In contrast to most Point-of-Sale (POS) Trojans, such as Project Hook, Tyupkin does not try to collect card information from the machine's customers.
How an Eye in the Sky can Save Your Business
Major aliases of Tyupkin Trojans include BKDR_PADPIN.A and Backdoor:MSIL/Sidkey.A, and new variants of this threat are under regular development. Although roughly two-thirds of all estimated Tyupkin infections reside within Russia, businesses in other nations have also been confirmed to be at risk of these attacks. Both Tyupkin's installation and its cash-withdrawal functions require criminals to have unobserved access to the ATM, so adequate storefront security is the most obvious defense against all known Tyupkin variants.
Some versions of Tyupkin also include extra functions, such as terminating McAfee Solidcore or disabling the LAN. Since threat database updates give your security products the greatest assurance of identifying and removing Tyupkin, Tyupkin's development history further underlines the importance of updating security solutions regularly.
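The behaviors described in this article (booting from a CD, stopping McAfee Solidcore, disabling the LAN, and dispensing notes with no card transaction on Sunday or Monday nights) can be turned into a log triage check. The following is an added example, not code from this article or from any vendor; the log format, event names and night-hour range are assumptions, and the sample lines are constructed.

```python
from datetime import datetime

# Constructed sample events in a hypothetical "timestamp|source|event|detail"
# format; real ATM journals and Windows event logs differ by vendor.
SAMPLE_LOG = """\
2014-10-03T14:02:11|journal|CARD_INSERTED|txn=1001
2014-10-03T14:02:40|journal|DISPENSE|txn=1001 notes=5
2014-10-05T23:10:02|system|BOOT_DEVICE|device=cdrom
2014-10-05T23:14:30|system|SERVICE_STOPPED|name=solidcore
2014-10-05T23:14:35|system|NIC_DISABLED|adapter=lan0
2014-10-05T23:16:09|journal|DISPENSE|txn=none notes=40
"""

WATCH_DAYS = {6, 0}  # Sunday, Monday (datetime.weekday(): Monday == 0)
# Assumed definition of "night"; the article does not give hours.
NIGHT_HOURS = set(range(22, 24)) | set(range(0, 5))

def parse(line):
    """Split one log line into (timestamp, source, event, key=value fields)."""
    ts, source, event, detail = line.split("|", 3)
    fields = dict(kv.split("=", 1) for kv in detail.split())
    return datetime.fromisoformat(ts), source, event, fields

def triage(log_text):
    """Return (timestamp, reason) findings for behavior the article describes."""
    findings, card_txns = [], set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _source, event, f = parse(line)
        if event == "CARD_INSERTED":
            card_txns.add(f["txn"])  # dispenses tied to a card are normal
        elif event == "BOOT_DEVICE" and f.get("device") == "cdrom":
            findings.append((ts, "booted from CD"))
        elif event == "SERVICE_STOPPED" and "solidcore" in f.get("name", "").lower():
            findings.append((ts, "Solidcore stopped"))
        elif event == "NIC_DISABLED":
            findings.append((ts, "LAN disabled"))
        elif event == "DISPENSE" and f.get("txn") not in card_txns:
            reason = "cardless dispense of %s notes" % f.get("notes", "?")
            if ts.weekday() in WATCH_DAYS and ts.hour in NIGHT_HOURS:
                reason += " in Sunday/Monday night window"
            findings.append((ts, reason))
    return findings

if __name__ == "__main__":
    for ts, reason in triage(SAMPLE_LOG):
        print(ts.isoformat(), reason)
```

A cardless dispense is reported on any day, because the schedule is configurable; the Sunday/Monday window only adds context to the finding.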