New Linux Malware Targeting ATMs for Financial Fraud

Oct. 17, 2024, 10:21 a.m.

Description

A recent analysis reveals a new variant of the FASTCash malware, designed to compromise financial networks by manipulating payment transactions. Developed by threat actors potentially linked to North Korean hacking groups, this Linux version specifically targets Ubuntu 20.04 systems in ATMs. It intercepts declined magnetic swipe transactions and authorizes them with fraudulent amounts in Turkish Lira, removing security controls like PINs. The malware demonstrates evolving tactics aimed at exploiting vulnerabilities across various operating systems within the financial ecosystem.

Date

Published: Oct. 17, 2024, 9:57 a.m.

Created: Oct. 17, 2024, 9:57 a.m.

Modified: Oct. 17, 2024, 10:21 a.m.

Indicators

Attack Patterns

FASTCash

Lazarus, APT38, Bluenoroff, or Stardust Chollima

T1586

T1059.003

T1557

T1059.007

T1497

T1499

T1078

T1003

T1059

Additional Information

Finance