HQ/EMEAFind out how we can help your business
Security researchers uncovered a new malware strain called ‘FiXS,’ a Windows-based ATM malware that began targeting banks in Mexico in February. Reports reveal that this malware can infect any automated teller machine that supports CEN/XFS or eXtenstions for Financial Services.
While researchers initially found the malware requiring interaction through an external keyboard, they also found that its operators discovered an approach for it to interact with touchscreen ATMs. It was also seen hidden in a program that tricks users into trusting it as safe.
This new ATM malware displays notable properties in carrying out attacks.
According to the FiXS ATM malware analysis, it can dispense money from a teller machine 30 minutes after its last reboot. This activity is done by leveraging the Windows ‘GetTickCount API’ – a function that retrieves the number of milliseconds elapsed since a system has been restarted.
Researchers also underline that this new malware is comparable to other ATM malware strains, including Ploutus and RIPPER. Both strains can steal cash from automated teller machines through an external keyboard or sometimes by text messages.
Furthermore, the discovery of the new FiXS malware augments the threats against financial institutions since there has been an extensive list of ATM malware strains in the wild that could siphon funds from teller machines.
Thus, security experts warn financial institutions to be wary of these threats. Some of the most notorious ATM malware strains existing are Ploutus, RIPPER, Prilex, GreenDispenser, Alice, Skimer, ATMii, SUCEFUL, and ATMitch.
People are advised to protect themselves from threats posed on their finances by reviewing security around teller machines before withdrawing money and avoid easily trusting banking applications that could be posing as legitimate vendors.
For merchants, experts recommend only filling teller machines with sufficient money for one day’s trading and only conducting maintenance when the store is closed, and no unauthorised people are around.
