Every thief probably drools at the idea of getting their hands on the cash contained in an average ATM. While theft attempts on these mobile cash dispensaries take place all the time, it can be a very risky proposition along with some serious jail time for the crooks and slot machine jackpot cheats that get caught.
A recent post on the cybersecurity website ZDNET details a potential malware that can turn an ATM into a slot machine jackpot. Uncovered by cyber-crime researchers, the malware is known appropriately as WinPot. The cybersecurity team at Kaspersky Labs recently delved deeper the capabilities of this ATM hijacking malware. It was first discovered in underground forums in March of 2018.
WinPot Or ATMPOT AT Kaspersky
WinPot, which is internally referred to as ATMPot at Kaspersky is rather simple in its core functionality. It is designed to compromise the internal function of an ATM. More importantly, it is designed to free the machine of all of its stored cash. It has been specifically targeted at a well known ATM vendor, but the company was not disclosed.
Indeed, what separates this type of malware from other existing forms is its interface. The effort to make the interface resemble a slot machine results in the term “ATM jackpotting”. The term basically mirrors the concept of an ATM machine that hackers successfully compromise. The technical aspect of the interface includes a visual indicator of an ATM’s cassettes. Each one has a reel numbered 1 to 4. This makes sense since the maximum number of cash-out cassettes in a standard ATM is four.
How Does ATM Malware Create a Slot Machine Jackpot?
The malware contains a button labeled “spin”. When pressed, each cassette starts dispensing cash. There is a “stop” button that can end the process. There is a “scan” option which basically resets the game. It also re-scans the ATM to search the remaining cassettes for additional cash.
A WinPot screenshot of the interface included in the post depicts the four reels across the screen. It also has the scan feature on the left side along with the stop feature on the right. It was also discovered that a trader of the ATM malware on the Dark Web is advertising an updated product. Most importantly, it is known specifically as WinPot v.3. This version includes a revamped interface. It also includes an unidentified program entitled “ShowMeMoney.” Furthermore, it has been suggested that this might be referring to the new version of WinPot given its similar interface style.
The WinPot v.3 screenshot shows a bit more advanced version of the malware. It still contains the numbers 1 to 4 across the top, but this version also has an “auto” option and an “exit” option.
The post goes on to mention that WinPot is similar in its display to Cutlet Maker. This is a malware that can be loaded onto a flash drive. It is then plugged into a USB port on at ATM. This begins the process of using this malicious code to crack the system. The simulator finds ATM cassettes and begins to mimic transactions that force the machine to start dispensing cash.
• Source: This malware turns ATM hijacking into a slot machine game From Zdnet.com On February 19, 2019.