RIPPER Malware To Blame For Recent Taiwan Bank ATM Heist

ATM malware is becoming the new norm all over the world these days. Inserting a bank card into an automated teller machine is a significant systemic risk right now. RIPPER, a new form of ATM malware, is blamed for last week’s heist in Thailand. A total of 12 million baht was stolen from bank machines during this process.

RIPPER Malware Is Here To Stay

Last week’s bank ATM heist in Taiwan raised a lot of questions and yielded very few answers. That was until FireEye researchers discovered the affected machines were infected with a new form of malware, called RIPPER. For now, law enforcement agencies have not officially attributed this heist to the malware, though.

What is rather worrisome about this type of malware is how it works under the hood. Infecting the devices requires a custom created chip-based ATM card, which is also an authentication mechanism. Using this method allows assailants to gain backdoor access to the ATM software itself. Once that has been achieved, installing malware is a walk in the park.

But there is more, as the assailants use this malware to infect the ATM pin pad as well.  By executing commands through the pin pad, attackers can force the machines to dispense money. As we have seen in the Taiwan heist, they also doubled the maximum allotted withdrawal limit when using RIPPER.

For now, preliminary research seems to link RIPPER to the Skimer malware. Skimer has been used in ATM heists since back in 2013, and RIPPER appears to be an evolved version of this malware. One big difference is how the new version no longer requires access to the ATM system through the bank’s internal network.

All of the targeted ATMs were running the Windows operating system. Since this is the most commonly used OS on bank ATMs around the world, RIPPER can become a global threat rather quickly. Moreover, the bank will only notice something is wrong when ATms stop communicating with the network, as that is also prevented by RIPPER once a heist has occurred.

Image credit 1

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.