How these hackers used malware to cash out £120,000 from ATMs?

Authorities in Essex, England, announced the arrest of six individuals accused of having used malware to hack multiple ATMs, stealing more than 120,000 pounds. Petru-Giani Feraru, Razvan Danaila, Robert Danaila, Victor Camara, Ioan Constantin and Constantin Lupoaie were charged with conspiracy to commit fraud, for which they were sentenced to a joint sentence of 13 years in prison.

Committed ATMs were reportedly located in banks and shopping plazas in Basildon, Colchester, Northfleet, Greenwich and Baking. Each of the defendants was involved in a cybercriminal group dedicated to the handling of these machines.

Threat actors manipulated the ATMs by connecting a device to the machines to inject the malware variant to force the ATM’s systems to expel cash, in an attack popularly known as jackpotting.

After multiple complaints, authorities began investigating the incident, collecting images of surveillance systems featuring some of the defendants, who deployed their malicious campaign between January and February 2021.

Authorities arrested four of the defendants in early February, as well as confiscating a smartphone containing all instructions to understand how the ATM works and how to hack these devices. Still, on April 6, authorities detected a new incident similar to the previous ones, where after a brief investigation they arrested the two remaining gang members.

This time the authorities confiscated a laptop used to compromise malware-infected ATMs. Soon after, the six individuals pleaded guilty to conspiracy to steal and were sentenced to Maidstone Crown Court on Thursday.

In a statement, Kent police mentioned, “Each of these individuals was involved in a sophisticated and well-organized conspiracy that resulted in the theft of a substantial amount of legitimately obtained money, so it was a priority to end this cybercriminal operation.”

  • Camara, 32, was sentenced to two years and four months in prison
  • Constantin, 27, was sentenced to three years and four months
  • Feraru, 23, was sentenced to two years and one month
  • Razvan Danaila, 30, was sentenced to two years and six months
  • Robert Danaila, 25, was sentenced to two years and four months
  • Lupoaie, 18, was sentenced to one year in prison

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.