A bank alerted Kaspersky to some suspicious withdrawals, and an investigation revealed that 50 ATMs in Eastern Europe were infected with the malware, which has been named Tyupkin.
The malware has since been detected around the globe, in countries including the USA, India, France, Israel, Malaysia and China.
So far it has been used to steal millions of dollars, according to Kaspersky and Interpol.
It's no secret that this year has been a volatile one for the markets. The S&P 500 is down 18% year to date, while the Nasdaq Composite is off by 27% year to date. Meanwhile, the VIX, a key measure of volatility, is up 49% year to date at 24.72. However, it has spiked as Read More
The Windows-based ATMs were attacked after gangs took advantage of weak security to insert a CD, from which the malware was uploaded. Mules were then sent to the machines at specific times on either Sunday or Monday nights, armed with a randomly generated code which would allow them to withdraw up to 40 notes at a time.
The codes were generated only once, rendering them useless to those not involved in the gang.
In a nod to the sophistication of the operation, the gang has been steadily improving Tyupkin since it first came to Kaspersky’s attention in January. An upgrade enabled the gang to disable McAfee Solidcore security software installed on the ATMs to further reduce the chance of detection.
The security company claims that malware attacks on ATMs are a response to greater awareness of traditional skimming attacks, where criminals physically replace the hardware of a machine in order to clone cards and collect pin numbers.