ATM malware is being sold on Dark Web market that can make ATMs drain available cash

In May 2017, Kaspersky security researchers have noticed a forum post advertising ATM (Automated teller machine) malware that was targeting specific vendor ATMs.

The malware has been sold on the AlphaBay Dark Web marketplace since May 2017, but today, its administrators started a new standalone website after US authorities had taken down AlphaBay in mid-July.

The cost of the toolkit was 5000 USD at the time of the research. The AlphaBay description covers details such as the needed tools, targeted ATMs vendors, as well as tips and tricks for the malware’s operation.

The list of crimeware contains in the toolkit includes:
– Cutlet Maker—ATM malware which is the main component of the toolkit.
– Stimulator—an app to gather cash cassette statuses of a targeted ATM
– c0decalc—a simple terminal-based app to generate a pass for the malware.

According to Kaspersky:
“This type of malware does not affect bank customers directly, it is intended for the theft of cash from specific vendor ATMs. CUTLET MAKER and Stimulator show how criminals are using legitimate proprietary libraries and a small piece of code to dispense money from an ATM. “

The Cutlet Maker malware has been written in Delphi, and its name originates from the Russian language.