Criminals are installing fairly sophisticated malicious programs on banks' ATMs, allowing them to control access to the machines and easily steal cash, security firms Kaspersky and Interpol said in a joint statement released on Tuesday.
The malware, which Kaspersky dubbed 'Tyupkin,' allows low-level thieves, known as money mules, access to the machines at certain times of day using an intermittently changing code, similar to the six-digit electronic tokens used for security in the financial industry. More than 50 ATMs in Eastern Europe and Russia were found to have been infected with the malware to date, leading to the theft of currency equivalent to millions of dollars, according to the statement.
The attack shows that criminals are improving their tactics and appear to be able to gain enough access to ATMs to install code, Vicente Diaz, principal security researcher at Kaspersky Lab, said.