Having first struck in Mexico, the group behind Ploutus is now set to target an unidentified ATM brand in English-speaking countries. The attackers have further improved the malware and translated it into English for use against that unidentified ATM brand, Symantec Security Response suggests. The antivirus vendor also reports that it has found two versions of Ploutus, both designed to empty an unidentified type of ATM. So how does this ATM malware work?
How does the Ploutus malware work?
Unlike typical malware, Ploutus is installed by inserting a bootable CD into the ATM, whose internals run the Microsoft Windows operating system. Given this installation method, Symantec suggests the attackers are targeting standalone ATMs, where they can gain physical access and operate without difficulty.
Symantec has also revealed that the Ploutus developers have changed the malware's binary name. The binary was earlier named ‘Ploutus.exe’ and is now ‘PloutusService.exe’, as a Symantec Security Response researcher told SCMagazine.
The attackers copy ‘PloutusService.exe’ onto the ATM from the optical drive, then enter a 16-digit command code on the ATM keypad. The dispatcher then sends a 33-digit instruction to the software over the command line and sets a timer for when the cash is to be dispensed. The program targets an ATM model that holds four cash cassettes. The amount to dispense is calculated from the number of bills: if a cassette holds fewer than 40 bills, the machine dispenses until it is empty. The code's “Spanish function names and poor English grammar” indicate that it was written by Spanish developers, Symantec Security Response has noted.
How can ATMs prevent a Ploutus malware attack?
Symantec has advised several precautions for ATMs against Ploutus. These include changing the BIOS boot order, booting from the hard disk instead of an optical or USB drive, and keeping the BIOS password protected.
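Alongside the boot-order hardening above, the article gives two host-level indicators a defender can check for on the ATM itself: the binary names Ploutus.exe and PloutusService.exe, and executables introduced from the optical drive. The following is an added example, not code from Symantec or this article, that scans constructed process-creation records in a Sysmon-like key=value style for both indicators; the drive letters treated as removable are an assumption.

```python
import re
from dataclasses import dataclass

# Binary names the article attributes to Ploutus (original and renamed form).
PLOUTUS_NAMES = {"ploutus.exe", "ploutusservice.exe"}

# Assumption (not from the article): the ATM's optical/USB drives map to
# these letters and the system disk is C:. Adjust per deployment.
REMOVABLE_DRIVES = {"D:", "E:"}

@dataclass
class Finding:
    line_no: int
    image: str
    reason: str

# Matches the Image= field of a key=value process-creation record.
_IMAGE_RE = re.compile(r"Image=(?P<image>[^\s]+)")

def scan_process_log(lines):
    """Return a Finding for each record that matches a Ploutus indicator."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = _IMAGE_RE.search(line)
        if not m:
            continue  # not a process-creation record, skip it
        image = m.group("image")
        name = image.rsplit("\\", 1)[-1].lower()  # case-insensitive basename
        if name in PLOUTUS_NAMES:
            findings.append(Finding(no, image, "known Ploutus binary name"))
        elif image[:2].upper() in REMOVABLE_DRIVES:
            findings.append(Finding(no, image, "executable run from removable drive"))
    return findings

# Constructed sample records (not real ATM telemetry).
SAMPLE_LOG = [
    r"EventID=1 Image=C:\Windows\System32\svchost.exe CommandLine=svchost.exe -k netsvcs",
    r"EventID=1 Image=C:\Windows\PloutusService.exe CommandLine=PloutusService.exe",
    r"EventID=1 Image=D:\setup\installer.exe CommandLine=installer.exe",
    r"EventID=3 SourceIp=10.0.0.5 DestinationIp=10.0.0.9",
    r"EventID=1 Image=C:\ATM\ploutus.exe CommandLine=ploutus.exe",
]

if __name__ == "__main__":
    for f in scan_process_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.image} -> {f.reason}")
```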