Cybercriminals are now selling malware that affects Bitcoin ATMs, including cards that allows BTC withdrawals in the thousands of dollars.
The number of Bitcoin ATMs continues to steadily grow. There are 3,541 such ATMs installed throughout the world, and over 6 are put into use every day. However, just as criminals have targeted standard bank ATMs, they are now targeting cryptocurrency ATMs as well.
Malware for Sale
Trend Micro has done some stellar cybersecurity research, digging into forums on the Dark Web. Postings concerning Bitcoin ATMs caught their eye. The security researchers note that criminals targeting standard bank ATMs have changed their game recently, switching from skimmers to using malware instead.
Now researchers have found listings of malware for sale that is specifically designed to target cryptocurrency ATMs. A vendor was offering the malware for the price of $25,000. The malware exploits a service vulnerability, letting the scammer “purchase” up to 6,750 USD/EUR/GBP in bitcoins. The vendor notes that the malware does not require physical access and can be “maintained as a normal purchase with EMV or NFC2 pre-written card.”
Fortunately for those willing to pony up the $25,000 to buy the malware, the seller is including both EMV and NFC ready-to-use cards for the buyer to use. Even more surreal is that the seller notes that shipping times vary depending upon the buyer’s location.
One has to admit that the malware seller is definitely on his game. The entire package comes with a multilingual (EN/RU/DE) guide, and he even offers 24/7 Jabber support for every customer.
Bad News for Bitcoin ATMs
To be honest, this could be pretty bad for cryptocurrency ATMs, depending upon how prevalent such hacking becomes. One major factor in growing Bitcoin acceptance is the ability to buy and sell it easily, and ATMs are a great way to expedite such matters. If hackers can easily withdraw thousands of dollars of BTC through fraudulent means, then you can bet such machines will not be long in service.
The possibility of such malware going big is feasible. Micro Trend points out that the basic tools to use crypto ATMs are mobile numbers and ID cards. Such items can be easily fabricated or stolen. The researchers also note that cryptocurrency wallets are not standardized and usually downloaded from app stores, which just adds to the security headache.
One thing to remember is that there are plenty of smart criminals. Any time a new technology emerges, a percentage of the criminal class immediately starts working on ways to crack it.
Such criminals can be highly enterprising. The vendor for the Bitcoin ATM malware even expresses his desire to partner with some professional teams to work on a percentage basis. He does require a five-figure escrow account safety deposit for the partnership to begin, but he is willing to offer specific builds with “extended functionality for extra monetizing.”
Do you use Bitcoin ATMs on a regular basis? Let us know in the comments below.
Images courtesy of Shutterstock.