New Linux Malware Targeting ATMs for Financial Fraud

Oct. 17, 2024, 10:21 a.m.

Description

A recent analysis reveals a new variant of the FASTCash malware, designed to compromise financial networks by manipulating payment transactions. Developed by threat actors potentially linked to North Korean hacking groups, this Linux version specifically targets Ubuntu 20.04 systems in ATMs. It intercepts declined magnetic swipe transactions and authorizes them with fraudulent amounts in Turkish Lira, removing security controls like PINs. The malware demonstrates evolving tactics aimed at exploiting vulnerabilities across various operating systems within the financial ecosystem.

Date

  • Created: Oct. 17, 2024, 9:57 a.m.
  • Published: Oct. 17, 2024, 9:57 a.m.
  • Modified: Oct. 17, 2024, 10:21 a.m.

Indicators


Attack Patterns

  • FASTCash
  • Lazarus, APT38, Bluenoroff, or Stardust Chollima

Additional Information

  • Finance