Bitcoin ATM Malware Found For Sale On The Dark Web

Crime, News | August 10, 2018 By:

Dark Web vendors are now selling malwares specifically designed to target bitcoin ATMs, according to cybersecurity firm TrendMicro.

In the blog post, the cybersecurity firm cites an advertisement posted by an “apparently established and respected” user on a darknet forum. The malware reportedly exploits a service vulnerability of bitcoin ATMs that allows the user to receive bitcoins worth up to 6,750 in US dollars, euros, or pounds. At a cost of $25 000, the package includes, “a ready-to-use card that comes with EMV and near-field communication (NFC) capabilities.”

The seller has reportedly received over 100 online reviews both for the malware and other products. Another thread reveals that the seller is also offering regular ATM malware that has been updated for EMV standards, a global standard for credit and debit payment cards based on chip card technology. According to other comments on the thread, the malware works by exploiting a menu vulnerability to disconnect the bitcoin ATM from the network in order to disable alarms.

“Unlike regular ATMs, there is no single set of verification or security standards for bitcoin ATMs,” TrendMicro said. “For example, instead of requiring an ATM, credit, or debit card for transactions, a bitcoin ATM involves the use of mobile numbers and ID cards for user identity verification. The user then has to input a wallet address or scan its QR code. The wallets used to store digital currencies are not standardized either and are often downloaded from app stores, posing another security problem. Given the seemingly Wild West nature of bitcoin ATM security, cybercriminals are sure to take advantage.”

The number of crypto ATMs globally sits around the 3500 mark, their presence has more doubled since last year, and nearly 8 machines are being installed every day. TrendMicro said that as the number of crypto ATMs grows, they expect to see more forms of malware targeting crypto ATMs in the future.