ATM Malware Download – WinPot ATM Malware Download into Slot Machines.
Kaspersky is back and uncovering major cybercriminals! This malware, which is dubbed “WinPot”, has caused all news outlets to go crazy. It’s an ATM payload that causes the machine, kind of like a casino coin machine, to spew money.
Ploutus D is a similar malware threat that we briefly discussed a few years ago. That’s right. You can be sure that your assets will remain safe and sound in the XP Box. It’s easy to believe that every bank has everything.
Is this malware? After an easy Google search, I traced it back to a forum called “club2crd” (which is not on the darknet, contrary to what most outlets are reporting). The primary concern I have with WinPot that I found on this forum is from 8/18/2018, when a user called “Muhammad98” sold it for USD 1000. This WinPot version, which is older, targets ATMs manufactured by Wincor Nixdorf. It is the same brand as the Ploutus D Malware.
WinPot version 3 was another concern. It dates back to Dec 9, 2018. “wav” is a user who appears to be a Senior member (yes, he’s super 1337). He was selling the trojan for 1 BTC, which was USD 6440.5 back then. It is doubtful that even half of these forums are convinced of the utility of their tool. I think “1 BTC” is a random number they use to buy almost anything they have. Did you see that old CC dump, too? That’s one bitcoin. This malware piece is not worth six thousand dollars, so don’t believe me.
It gets more complicated. Through Google search queries, I found another malware strain that was built from WinPot. It’s called “Annuit Coeptis” and is the same as WinPot. It costs 500 USD.
Additionally, Muhammad98 sells this version. He was also the same one who sold WinPot’s previous version. What’s the difference? I don’t understand. The program’s functionality is exactly the same as the screenshot. After five minutes, I found a forum response stating that the program didn’t work. Because the program’s author is not proficient in coding, it crashes. Below is a video of the WinPot malware being used on an unspecified ATM.
WinPot malware has been able to hack ATMs via a slot machine interface
- WinPot ATM malware is designed to hack ATMs and force them to empty their cassettes.
- WinPot is an ATM malware which uses a coin machine interface in order to steal money from ATMs.
Researchers studied WinPot replacement malware. It was first discovered on underground forums back in March 2018. WinPot, an ATM malware, uses a coin-machine interface to steal cash from ATMs. ATMPot also goes by the name WinPot. It is designed to attack ATMs and force them to empty their funds.
Interface to slot machine
The attackers behind WinPot have spent a lot on creating an interface that looks almost like a coin machine. This is most likely a reference to the term ATM-jackpotting.
The WinPot interface includes a visible indicator of an ATM’s cassettes.
- Each cassette has a reel numbered 1 through 4; 4 is the maximum number of cash-out cassettes that can be found in an ATM.
- Each cassette has buttons labeled SPIN (SCAN), SLOT (SLOT), STOP (STOP).
- After victims press SPIN, the ATM starts dispensing cash from the cassette.
- The SCAN button scans the ATM to update the SLOT numbers.
- The STOP button will prevent cash from being disbursed from the machine.
Kaspersky Lab researchers looked at the WinPot sample to find more models that were modified.
The malware seller recently offered WinPot version 3. It features a revamped interface as well as a program called “ShowMeMoney”, which is almost identical to the interface for coin machines. This mechanism looks almost like Cutlet Maker malware.
WinPot authors change the malware to suit future purposes.
- WinPot allows you to make new samples and modifications to ATM security systems.
- Modifications to WinPot have been made in order to prevent cash mules from using WinPot for their own purposes.
- Modifications may be made to bypass ATM limitations, improve the interface or correct errors.
“We expect to find more modifications of the ATM malware. This threat can be prevented by using device control software as well as process whitelisting. The first will stop malware being introduced to ATM computers via the USB path,” researchers stated in a blog.
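The two controls named in the quote above, device control and process whitelisting, can be sketched as decision logic over a constructed event stream. This is an added example, not code from Kaspersky or from the original page; the event fields, the policy that all USB storage is blocked, and the sample hashes are assumptions.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for the binaries approved on the ATM image (hypothetical).
ALLOWED_HASHES = {sha256_hex(b"atm-application-v1"), sha256_hex(b"xfs-service-v1")}
# Assumed device-control policy: USB storage is never allowed on the ATM PC.
BLOCKED_USB_CLASSES = {"mass_storage"}

def evaluate(events):
    """Return one (time, action, reason) decision per event."""
    decisions = []
    removable = set()  # drive letters backed by USB storage seen so far
    for ev in events:
        if ev["type"] == "usb_attach":
            if ev["device_class"] in BLOCKED_USB_CLASSES:
                removable.add(ev["drive"].upper())
                decisions.append((ev["time"], "block", "usb storage attached"))
            else:
                decisions.append((ev["time"], "allow", "usb class permitted"))
        elif ev["type"] == "process_start":
            # Allowlisting keys on the file hash, so the path does not matter.
            if ev["sha256"] in ALLOWED_HASHES:
                decisions.append((ev["time"], "allow", "hash on allowlist"))
                continue
            reason = "hash not on allowlist"
            if ev["path"][:2].upper() in removable:
                reason += ", launched from usb storage"
            decisions.append((ev["time"], "block", reason))
    return decisions

# Constructed sample events (not taken from any real ATM log).
SAMPLE_EVENTS = [
    {"type": "process_start", "time": "02:00:01", "path": r"C:\ATM\app.exe",
     "sha256": sha256_hex(b"atm-application-v1")},
    {"type": "usb_attach", "time": "02:14:30", "device_class": "mass_storage", "drive": "E:"},
    {"type": "process_start", "time": "02:14:52", "path": r"E:\tool.exe",
     "sha256": sha256_hex(b"unknown-binary")},
    {"type": "process_start", "time": "02:15:10", "path": r"C:\Temp\tool.exe",
     "sha256": sha256_hex(b"unknown-binary")},
]

if __name__ == "__main__":
    for decision in evaluate(SAMPLE_EVENTS):
        print(*decision, sep=" | ")
```

The last sample event is the same unknown binary after a copy to the local disk: device control no longer applies to it, but the hash allowlist still blocks it, which is why the two controls are paired.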