Security News
Leading Bitcoin ATM maker General Bytes disclosed that hackers stole cryptocurrency from the company and its customers using a zero-day vulnerability in its BATM management platform. General Bytes makes Bitcoin ATMs allowing people to purchase or sell over 40 cryptocurrencies.
In August 2022, we wrote how General Bytes had fallen victim to a server-side bug in which remote attackers could trick a customer's ATM server into giving them access to the "Set up a brand new system" configuration pages. In the General Bytes ATM server the unauthorised access path that got the attackers into the "Start from scratch" setup screens didn't neutralise any data on the infiltrated device first.
A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023. "The ATM malware is hidden inside another not-malicious-looking program," Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News.
A new report from Kaspersky sheds light on the 2020-2022 ATM and Point of Sale malware landscape. Lockdowns all around the globe during the pandemic have seriously reduced ATM and PoS malware activity, since people stayed at home with no other possibility than buying what they needed online instead of physically going to shops.
You wouldn't know it from visiting the company's main website, but General Bytes, a Czech company that sells Bitcoin ATMs, is urging its users to patch a critical money-draining bug in its server software. Not all countries have taken kindly to cryptocurrency ATMs - the UK regulator, for example, warned in March 2022 that none of the ATMs operating in the country at the time were officially registered, and said that it would be "Contacting the operators instructing that the machines be shut down".
Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "This vulnerability has been present in CAS software since version 2020-12-08.".
Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. General Bytes is the manufacturer of Bitcoin ATMs that, depending on the product, allow people to purchase or sell over 40 different cryptocurrencies.
The Bank of the West is warning customers that their debit card numbers and PINs have been stolen by skimmers installed on several of the bank's ATMs. The financial institute, which operates over 600 branches in the United States, first detected a wave of suspicious withdrawal attempts in November 2021 and coordinated with law enforcement to conduct an in-depth investigation. "The ATM skimming device that was installed interfered with the normal debit card transaction and allowed the theft of your card number, the PIN number associated with your card, and possibly your name and address," explains the bank's notice to impacted customers.
A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. The intrusions staged by the actor involve "a high degree of OPSEC and leverage both public and private malware, utilities, and scripts to remove evidence and hinder response efforts," Mandiant researchers said in a new report published this week.
Threat analysts following the activity of LightBasin, a financially motivated group of hackers, report the discovery of a previously unknown Unix rootkit that is used to steal ATM banking data and conduct fraudulent transactions. In a new report by Mandiant, researchers present further evidence of LightBasin activity, focusing on bank card fraud and the compromise of crucial systems.