
WinPot

Posted: October 23, 2020

Taking money out of an ATM does not necessarily involve brute force. Cybercriminals have built numerous malware projects that can control specific brands and models of ATMs and empty their cash cassettes. Such attacks are difficult to execute, but they are possible, and a number of criminal groups rely on custom-built malware like WinPot to carry them out.

WinPot is a project that first surfaced in 2019, and news about it spread on underground hacking forums. The authors of the WinPot ATM malware allegedly sell temporary licenses for $500 to $1,000, payable in Bitcoin. This would explain why some WinPot samples appeared to be configured to work only during a specific period.

A Simple ATM Malware That Does Its Job

The WinPot interface is very simple, and the attacker needs either physical access to the infected device or remote access over the Internet. The WinPot control window shows the available cash cassettes along with the number of banknotes each one holds, and the attacker clicks a large 'SPIN' button to empty any of them. Since WinPot was first spotted, more and more updates of the original payload have been identified in the wild. They usually rely on different packers and obfuscation techniques, so they likely belong to customers who purchased the malware from the original author.

ATM malware developers rarely seem to use their own malware themselves; instead, they prefer to sell it to their partners in crime. This not only guarantees them a profit but also gives them more time to develop the malware and work on the issues that ATM malware is known to have:

  • Getting around the security measures found in modern ATM devices.
  • Making the malware compatible with more ATM models.
  • Improving their control over 'malware licensing,' and with it their future profits.
  • Eliminating bugs so that customers get an error-free hacking experience.

The WinPot malware (also known as ATMPot) is undoubtedly a major threat, but ATM devices can be protected against it by strengthening security policies on both the hardware and the software side. The USB ports of an ATM should be impossible for outsiders to reach, and the device should not run any process that the owner has not explicitly whitelisted.
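The following is an added hardening example, not code from the article or from any ATM vendor. It shows the two controls named above on a Windows-based ATM host: disabling removable storage at the driver and policy layers, and building an AppLocker whitelist from the binaries actually installed. The vendor software directory `$AtmAppDir` (default `C:\ATM\Vendor`) is an assumed, hypothetical path; the unsigned probe executable is compiled on the spot so the policy can be tested without a real malware sample. Run it in `AuditOnly` mode first and review the `Microsoft-Windows-AppLocker/EXE and DLL` event log before switching to `Enabled`.

```powershell
# Added example (not part of the original article). Assumes an administrative
# PowerShell session on a Windows ATM host whose dispenser/XFS software lives
# in $AtmAppDir, a hypothetical path chosen for illustration.
param(
    [string]$AtmAppDir = 'C:\ATM\Vendor',          # assumption: vendor ATM software
    [ValidateSet('AuditOnly', 'Enabled')]
    [string]$Mode = 'AuditOnly'                      # audit first, enforce second
)

# 1. Block removable storage at two layers: the USB mass-storage driver itself
#    and the Removable Storage Access policy. Even if a USB port is physically
#    reachable, a dropped-in stick cannot deliver an executable this way.
#    (USB keyboards/HID devices are not affected; physical port locks still matter.)
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' `
                 -Name Start -Value 4 -Type DWord    # 4 = SERVICE_DISABLED
$rsd = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
New-Item -Path $rsd -Force | Out-Null
Set-ItemProperty -Path $rsd -Name Deny_All -Value 1 -Type DWord

# 2. Build the whitelist from what is actually installed: Windows system
#    binaries plus the vendor's ATM software. Publisher rules cover signed
#    files, hash rules cover anything unsigned, so an unknown EXE or DLL
#    dropped anywhere on disk matches no rule and is denied by default.
$files = @(
    Get-AppLockerFileInformation -Directory "$env:SystemRoot\System32" -Recurse -FileType Exe, Dll
    Get-AppLockerFileInformation -Directory $AtmAppDir -Recurse -FileType Exe, Dll
)
$policy = New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash `
                              -User Everyone -Optimize

# Apply the chosen enforcement mode to every rule collection the policy contains.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = $Mode
}

# 3. Before enforcing, confirm the policy would stop an unlisted, unsigned
#    binary. The probe is compiled here (constructed input); it is not WinPot.
$probe = Join-Path $env:TEMP 'unlisted-probe.exe'
Add-Type -TypeDefinition 'class P { static void Main() { } }' `
         -OutputAssembly $probe -OutputType ConsoleApplication
$decision = Test-AppLockerPolicy -PolicyObject $policy -Path $probe -User Everyone
$decision | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
if ($decision.PolicyDecision -ne 'Denied') {
    throw "Whitelist too permissive: $probe would be allowed ($($decision.MatchingRule))"
}

# 4. Install the policy locally and make sure the Application Identity service,
#    which AppLocker depends on, starts with the machine.
Set-AppLockerPolicy -PolicyObject $policy
sc.exe config appidsvc start= auto | Out-Null
Start-Service AppIDSvc
Write-Host "AppLocker policy installed in '$Mode' mode; USB mass storage disabled."
```

Only the EXE and DLL collections are populated here; script and installer collections stay `NotConfigured`, so add rules for them if the ATM host legitimately runs scripts or MSI packages. In a fleet, export the policy with `Get-AppLockerPolicy -Local -Xml` once it is validated and distribute it through Group Policy rather than running this on each machine.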
