Dark Web: Hackers are selling customised ATM malware that comes complete with video tutorials
The malware, dubbed CutletMaker, was first listed on AlphaBay before the site was shut down by the FBI.
The dark web is known to be teeming with marketplaces that sell all kinds of illegal goods. Despite law enforcement authorities having shut down several prominent dark web marketplaces this year, the underground community continues to thrive. Hackers are now selling ATM malware for thousands of dollars.
According to security experts at Kaspersky Lab, cybercriminals put up a listing in May advertising ATM malware dubbed CutletMaker on the popular dark web market AlphaBay, before the market was shut down by the FBI. The malware was being sold for $5,000 and included a detailed manual describing how to use "all parts of the toolset".
Kaspersky Lab researchers suspect that CutletMaker's authors may have been Russian, as the Russian slang term "cutlet" means a "bundle of money".
"This type of malware does not affect bank customers directly, it is intended for the theft of cash from specific vendor ATMs. It is likely that ATMs in these attacks were infected through physical access to the PC, which means criminals were using USB drives to install malware onto the machine. In such a case, device control software would prevent them from connecting new devices, such as USB sticks," Kaspersky Lab researchers said in a blog post.
According to a report by BleepingComputer, the CutletMaker malware is now being sold via a new site called ATMjackpot. Cybercriminals are reportedly selling a slightly modified version of the malware for $1,500 worth of Bitcoin.
However, the hackers allegedly plan on doubling the price of the malware in the future. The cybercriminals behind ATMjackpot also reportedly posted four video tutorials that show how one can gain access to an ATM's USB port, connect the required hardware and infect the cash machine with the malware to make it spit out money.
This is not the first time that hackers have taken to selling malware on the dark web. In July, hackers were found selling password-stealing malware called Ovidiy for just $7. However, the dark web community appears to be under attack from unknown entities. Last week, four major marketplaces, including Dream Market and Tochka, mysteriously went offline. It is still unclear whether this was due to an attack by the sites' rivals or part of a law enforcement operation.