So far, 140 organizations in 40 countries are suspected to have fallen victim to this mysterious hacking campaign. The targets span a range of sectors, including banks, government agencies and telecommunications companies.
Kaspersky Lab says the targeted countries are Austria, Bolivia, Bulgaria, Cambodia, Canada, China, Congo, Cyprus, Germany, India, Indonesia, Iran, Kazakhstan, Libya, Madagascar, Moldova, Mongolia, Morocco, Pakistan, Paraguay, Peru, Saudi Arabia, Tanzania, Ukraine, Vatican, Venezuela and Vietnam.
When security experts examined the incidents, they found that the attackers used in-memory (fileless) malware to infect bank networks for financial gain.
After one incident, Kaspersky Lab obtained two files containing malware logs from the hard drive of an affected ATM. The experts were able to pick out distinctive pieces of text in those logs and turn them into a YARA rule. With that rule they could search malware repositories and find samples.
A YARA rule is a set of text or binary patterns that helps analysts discover, classify and categorize malware samples, and find relationships between them, based on the patterns the samples have in common.
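To show what the step from "strings in a recovered log" to "rule that finds more samples" looks like in practice, here is an example rule added for this page. It is not the rule Kaspersky Lab wrote, which the article does not reproduce: the rule name, the log file name and every format string below are constructed placeholders for the fragments an analyst would lift from the real files.

```yara
/*
  Illustrative rule, not Kaspersky Lab's. All strings are constructed
  stand-ins for fragments an analyst would copy out of the recovered
  ATM log files; replace them with the real fragments before use.
*/
rule ATM_log_fragments_example
{
    meta:
        description = "PE files that embed the log-line formats seen in recovered ATM logs (constructed example)"
        author      = "added example, not the original researchers"

    strings:
        // Assumed log file name written by the malware (placeholder).
        $log_file = "atmlog.txt" ascii fullword

        // Assumed printf-style format strings the malware uses to write its
        // log. 'fullword' and 'ascii' keep incidental substring hits in
        // unrelated text from firing the rule.
        $log_fmt1 = "Cash unit %d: %d notes" ascii fullword
        $log_fmt2 = "Dispense %d notes from cassette %d" ascii fullword

        // Timestamp prefix "[Date ? Time]" as a hex pattern with the separator
        // byte wildcarded, so a build that changes '-' to '/' still matches.
        $hex_ts = { 5B 44 61 74 65 20 ?? 20 54 69 6D 65 5D }

    condition:
        // Windows executable (MZ header), small enough to be a dropper/agent,
        // carrying the timestamp prefix plus at least one of the
        // logging format strings. A single generic format string on its own
        // would be too weak a signal.
        uint16(0) == 0x5A4D and filesize < 2MB and
        $hex_ts and 1 of ($log_fmt*)
}
```

Save this as a `.yar` file and run it over a sample directory with `yara -r -s rules.yar /path/to/samples`; `-r` recurses into subdirectories and `-s` prints which strings matched in each hit, which is what you want when tuning the rule against false positives before querying a large repository.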
Using it, the experts eventually found the malware, dubbed ATMitch. It has been spotted in the wild twice, in Kazakhstan and Russia. The malware is installed and run remotely on targeted bank ATMs.
Once it is on the ATM, ATMitch communicates with the machine as if it were legitimate software. It lets the attacker issue a number of commands, such as collecting information on the number of banknotes in the ATM's cassettes. The criminals can then dispense the cash at any time with a single command.