Bitcoin owners that use Bitcoin ATMs should be extra careful. Security researchers have uncovered malware that is specifically crafted to target these ATMs. This malware is being traded on the Dark Web, and its price is quite high.
The shift towards Bitcoin ATMs shouldn’t be all that surprising. First, ATM malware has proved to be widely successful, and second – the increasing number of wallet vendors and cryptocurrency exchanges enhances the lack of standardization in the industry. This creates a loophole that malware coders can easily exploit.
Statistics indicate that there are about 300 million regular ATMs in use, and about 3,500 Bitcoin ATMs, with the latter being increasingly adopted. This quick adoption undoubtedly poses a threat to cryptocurrency owners.
How is a regular ATM different than a Bitcoin ATM?
Although it looks similar to a regular ATM, a Bitcoin ATM differs in certain important aspects, Trend Micro researchers explain.
Perhaps the most notable difference is that a Bitcoin ATM does not connect to a bank account. Instead it connects to a cryptocurrency exchange, which is a platform for buying and selling cryptocurrencies like bitcoin. The purchased bitcoins go to the customer’s digital wallet. In essence, a Bitcoin ATM is not really an ATM in the traditional sense of the word but is rather more like a kiosk or terminal that allows users to connect to exchanges.
And as it appears, researchers spotted cryptocurrency malware for sale on the Dark Web. The malware has been created by a respected malware author.
This malware listing is about a particular service vulnerability, and it claims that users will be able to receive Bitcoin worth up to 6,750 in dollars, euros, or pounds by exploiting Bitcoin ATMs. The “package” also comes with a ready-to-use card equipped with EMV and NFC capabilities.
However, the malware isn’t cheap and comes at the price of $25,000, which means that not many hackers will be able to purchase and use it. The same malware developer is also selling regular ATM malware which is able to disconnect ATMs from their network to disable alarms.
In addition, the seller offers a range of financial-related malware and compromised accounts, which indicates that this person is an experienced cybercriminal who seems to be constantly expanding his wares, the report says.