October 27, 2017

Malware to Empty ATMs Is Being Sold on Darknet Market

Anyone can now hack and empty ATMs: malware built to empty ATMs is being sold on a darknet market for $5000.

Researchers at Kaspersky Lab first discovered it after spotting a post advertising the malware, called Cutlet Maker, which targets ATMs from a specific vendor. The ad was initially published on the darknet marketplace AlphaBay, which was recently taken down by the FBI. The price of the kit was $5000 at the time of research.


The advertisement on AlphaBay included details such as the targeted ATM models and equipment, as well as tips and tricks for the malware’s operation, and it also mentioned a manual for the toolkit. The manual describes all the parts of the toolset. The crimeware in the toolkit includes:

  • Cutlet Maker—ATM malware which is the primary element of the toolkit.
  • Stimulator—an application to gather cash cassette statuses of a target ATM.
  • c0decalc—a simple terminal-based application to generate a password for the malware without any protection.

The Kaspersky researchers say that the functionality of the Cutlet Maker malware requires two people to be involved in the ATM money theft. The roles are called “drop” and “drop master.”


The researchers say: “Access to the dispense mechanism of CUTLET MAKER is password protected. Though there could be just one person with the c0decalc application needed to generate a password.” “Either network or physical access to an ATM is required to enter the code in the application text area and also to interact with the user interface.”

The manual also mentions the ATM malware Tyupkin, which was first analyzed by Kaspersky Lab in 2014 and used by an international cybercrime gang.


The malware does not affect bank customers directly; it is intended for theft from bank ATMs made by a specific vendor. “CUTLET MAKER and Stimulator show how criminals are using legitimate proprietary libraries and a small piece of code to dispense money from an ATM.” The researchers found that the hackers are likely to use USB drives to install the malware on ATMs. To avoid such attacks, the researchers suggested that ATMs should enforce default-denial policies and device control to prevent any new devices from being connected.

