Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

New Linux Malware Targeting ATMs for Financial Fraud

Oct. 17, 2024, 10:21 a.m.

Description

A recent analysis reveals a new variant of the FASTCash malware, designed to compromise financial networks by manipulating payment transactions. Developed by threat actors potentially linked to North Korean hacking groups, this Linux version specifically targets Ubuntu 20.04 systems in ATMs. It intercepts declined magnetic swipe transactions and authorizes them with fraudulent amounts in Turkish Lira, removing security controls like PINs. The malware demonstrates evolving tactics aimed at exploiting vulnerabilities across various operating systems within the financial ecosystem.

Date

Published: Oct. 17, 2024, 9:57 a.m.

Created: Oct. 17, 2024, 9:57 a.m.

Modified: Oct. 17, 2024, 10:21 a.m.

Indicators

f43d4e7e2ab1054d46e2a93ce37d03aff3a85e0dff2dd7677f4f7fb9abe1abc8

f34b532117b3431387f11e3d92dc9ff417ec5dcee38a0175d39e323e5fdb1d2c

c3904f5e36d7f45d99276c53fed5e4dde849981c2619eaa4dbbac66a38181cbe

afff4d4deb46a01716a4a3eb7f80da58e027075178b9aa438e12ea24eedea4b0

7f3d046b2c5d8c008164408a24cac7e820467ff0dd9764e1d6ac4e70623a1071

609a5b9c98ec40f93567fbc298d4c3b2f9114808dfbe42eb4939f0c5d1d63d44

5232d942da0a86ff4a7ff29a9affbb5bd531a5393aa5b81b61fe3044c72c1c00

3a5ba44f140821849de2d82d5a137c3bb5a736130dddb86b296d94e6b421594c

2611f784e3e7f4cf16240a112c74b5bcd1a04067eff722390f5560ae95d86361

129b8825eaf61dcc2321aad7b84632233fa4bbc7e24bdf123b507157353930f0

10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba

078f284536420db1022475dc650327a6fd46ec0ac068fe07f2e2f925a924db49

Attack Patterns

FASTCash

Lazarus, APT38, Bluenoroff, or Stardust Chollima

T1586

T1059.003

T1557

T1059.007

T1497

T1499

T1078

T1003

T1059

Additional Informations

Finance