Security software manufacturer Trend Micro has discovered Bitcoin (BTC) automated teller machine (ATM) malware that can be purchased online.
The Tokyo-based firm made this known in a recently-published blog post.
In the blog post, Trend Micro pointed to an advertisement posted by an “apparently established and respected” user on a darknet forum. For the price of $25,000, criminals could buy Bitcoin ATM malware that comes with a ready-to-use card with EMV and near-field communication (NFC) capabilities.
EMV chips were initially developed by leading credit card providers to keep data on integrated circuits as opposed to magnetic stripes, while NFC allows two electronic devices to wirelessly exchange information.
The malicious software is said to exploit a Bitcoin ATM’s weakness, which lets fraudsters receive the BTC equivalent of up to 6,750 U.S. dollars, euros, or pounds. According to Trend Micro, the seller has gotten more than 100 online reviews both for the malware and other products.
Another forum thread displayed that the seller also offers regular ATM malware that has been revised for EMV standards. More research uncovered that the malware takes advantage of a menu vulnerability to disengage an ATM from the network to disable alarms.
Trend Micro proposed:
“As long as there is money to be made — and there is quite a bit of money in cryptocurrencies — cybercriminals will continue to devise tools and to expand to lucrative new ‘markets.’ As the number of Bitcoin ATMs grows, we can expect to see more forms of malware targeting cryptocurrency ATMs in the future.”
Another study that was conducted by cybersecurity company Duo Security exposed a network of thousands of crypto-related scam bots on Twitter, promoting fake “giveaways.” The project involved 88 million Twitter accounts, with experts using machine learning techniques to train a bot classifier. The classifier found 15,000 bots disseminating bogus competitions and mimicking some of the cryptocurrency industry’s best-known figures and businesses.