A new ATM malware has hit the streets, and it's called Suceful. It appears to have been created in August 2015, and it is unclear whether it is still under development or has already been actively deployed. Security firm FireEye is researching Suceful and discovered it on VirusTotal, a website used to analyze users' files for viruses. FireEye believes that Suceful is not currently in use. The malware was in a file uploaded by a user in Russia, and FireEye says its capabilities are impressive.
According to the security firm, Suceful is capable of reading data from the payment card's magnetic stripe and chip, and of disabling ATM sensors. The malware, which attackers can control from the ATM's PIN pad, also includes a feature that hasn't been seen in other such threats: it can retain and eject inserted cards to allow fraudsters to physically steal them.
The malware communicates with the ATM hardware via XFS, a standard that provides a client-server architecture for devices used in the financial industry, such as ATMs and electronic payment systems.
The most interesting part of this malware is that the attackers can instruct the ATM to keep the card inside the machine. Once the victim walks away, the attacker can go to the machine and key in a code to retrieve the card. They then have physical possession of the card along with the PIN already lifted by the software.
"Suceful is the first multi-vendor ATM Malware targeting cardholders, created to steal the tracks of the debit cards but also to steal the actual physical cards, which is definitely raising the bar of sophistication of this type of threats," FireEye researchers wrote in a blog post.
Again, FireEye still believes Suceful is under development and has yet to be deployed in the real world. Hopefully this information has been released in time to get ahead of any potential attacks. FireEye believes Suceful was written specifically to target ATMs made by Diebold and NCR. Take a look at the videos below to see how criminals target ATMs.