Kaspersky Lab, the developer of Kaspersky security software, has released a video on how the infamous Tyupkin malware functions.
Earlier this week, it had discovered a piece of malware, dubbed Tyupkin, infecting the ATMs that allow hackers to empty the cash machines. Interpol has already released an alert to the affected countries.
The footage shows that the attackers work only during Sunday and Monday nights. Interestingly, without entering any ATM card in the slot, they enter a combination of numerical codes on the ATM keyboard, make a call to an operator for further instructions and input a second set of codes. Once entered, the machine empties itself into their bags.
According to Kaspersky the criminals get the physical access to the ATM first and then install a bootable CD to install the malware, codenamed 'Tyupkin.' After rebooting the system, the cyber criminals get complete access to the system.
For every session, they generate a unique digital combination. The malware executor gets the key from another member of the gang who is able to generate a session key based on the number.
When the key is entered correctly, the machines display each cash cassettes and wait for the operator's preference.