First detected in 2009, Skimer can execute twenty-one malicious commands, including withdrawing ATM funds and stealing customer data such as bank account numbers and payment card PIN codes. Skimer requires either physical access to the ATM system or access via the bank’s internal network. The infection begins with the installation of Backdoor.Win32.Skimer, which then infects the main ATM system responsible for the device’s interactions with banking infrastructure, cash processing, and credit cards. Once the ATM is infected, the entire machine is converted to a card skimmer. Skimer can be left active on infected machines to continuously steal customer information over several months.

To recover the stolen data, attackers insert a card with records contained on the magnetic stripe. Once these records are run, the card needs to be ejected and the attackers must enter a session key within one minute. If successful, Skimer’s interface displays a menu listing various commands.
Reporting and Technical Details:
- May 2016: Skimer ATM Malware Gets Updated, Turns ATMs into Skimming Machines (Trend Micro)
Image Source: Trend Micro