RIPPER, discovered by researchers with FireEye Labs in August 2016, is capable of collecting data from bank cards, dispensing cash, and reading user input from the numeric PIN pad. Additional capabilities include controlling the Card Reader to either read or eject a payment card on demand and the ability to self-destruct. RIPPER targets some of the main ATM vendors including Diebold, NCR, and Wincor Nixdorf. RIPPER is designed to interact with the ATM through specially-crafted ATM cards that contain an EMV chip that acts as an authentication mechanism.
Reporting and Technical Details:
- August 2016: RIPPER ATM Malware and the 12 Million Baht Jackpot (FireEye)
- September 2016: Untangling the Ripper ATM Malware (Trend Micro)
Image Source: Threatpost