Joint investigative work has uncovered that a new strain of malware has been deployed in the wild, which aims to rob banks by tricking ATM systems into ejecting all the money they contain. The attack is referred to as “jackpotting,” and the activity does not require any stolen credit or debit card to work.
Investigators said that jackpotting has been going on since 2017, and hackers have run away with millions of stolen Euros. Alarmingly, the malware is being sold for only $1000 on the black market.
Specifically, the investigation centered on reported cases of ATM robberies in Germany in 2017, in which hackers used malware called “Cutlet Maker” to carry out the jackpotting attack.
Jackpotting is a technique used by hackers to trick an ATM into ejecting all the cash it contains using malware deployed through a piece of hardware. Hackers usually install the malware in an ATM by physically opening a panel on the machine to gain access to a USB port.
“Ho-ho-ho! Let’s make some cutlets today!” Cutlet Maker’s control panel reads, alongside cartoon images of a chef and a cheering piece of meat. Interestingly, the investigators said that in Russian the word “cutlet” refers not only to a cut of meat but also to a bundle of cash.
The joint investigation conducted by Motherboard and the German broadcaster Bayerischer Rundfunk (BR) revealed that the scheme earned millions of Euros in different operations across Germany. They were also able to contact a cybercriminal who said that he is selling the malware for only $1000, including the instructions on how to use it and how to successfully carry out the attack.
“Yes, I’m selling. It costs $1000,” the cybercriminal told the investigators.
A source has revealed that since 2017, the attacks on German banks and their ATMs have decreased; however, multiple other sources confirmed that the ATM attacks increased in other regions. This data makes the operation a global threat to the financial sector.
Further, sources said that the attacks were seen in the U.S., Latin America, and Southeast Asia. The issue impacts banks and ATM manufacturers across the financial industry around the world.
“The U.S. is quite popular,” a source familiar with ATM attacks told Motherboard. According to the investigators, they have contacted different sources familiar with the hacking scheme — including law enforcement.
A German prosecutor said that his office is investigating at least ten incidents that took place between February and November 2017. Christoph Hebbecker, a prosecuting attorney for the German state of North Rhine-Westphalia, said that in some of these attacks the hackers successfully stole bundles of cash from affected ATMs. Hebbecker estimates that the hackers stole at least $1.5 million.
The prosecutor also suggested that since the attack patterns and the modus operandi appear to be similar in most of the cases, there is a strong possibility that the attacks are operated by a large-scale criminal gang.
Nonetheless, the evidence they have gathered is still not enough to pinpoint a suspect in the attacks on German banks.