The New Banking ATM Malware On The Block

Earlier this week, security firm Kaspersky Labs detailed new attacks on financial institutions, comprised of three separate campaigns known as Metel, GCMAN and Carbanak.

Though disparate in their technology and methodology, Kaspersky said that the attacks have the aim of harming financial firms but have been limited, at least regionally, to Russia.

[bctt tweet=”Kaspersky said that the attacks have the aim of harming financial firms but have been limited, at least regionally, to Russia.”]

Metel, which takes its name from the Metel hacking group that looks to gain entrance to bank companies through email and then manipulating huge sums of cash from ATMs, was found in more than 30 enterprises in Russia but has been contained, as Kaspersky said, “before any major damage could be done.”

Kaspersky also said that it has identified another Russian hacking group, known as GCMAN, which has used similar techniques to infiltrate banks but then transfers funds to eCurrencies, using tools to find out which banks will send money to an eCurrency service without raising alarms. The transactions, at the maximum limit of about $200, were repeatedly triggered by malware.

In terms of the Carbanak iteration of malware, which has a history behind it as it had been used to criminally grab as much as $1 billion from as many as 100 banks globally, has now been extended to attack accounting and budgeting departments of firms that do not necessarily operate in the financial realm.

In a statement that accompanied the news of the malware activities, Kaspersky Principal Security Researcher Sergey Golovanov said: “Attacks on financial institutions uncovered in 2015 indicate a worrying trend of cybercriminals aggressively embracing APT-style attacks. The Carbanak gang was just the first of many: Cybercriminals now learn fast how to use new techniques in their operations, and we see more of them shifting from attacking users to attacking banks directly. Their logic is simple: That’s where the money is.”