Sep 12, 2018 at 12:00 // News

Coin Idol Author

Malware which targets Crypto ATMs is being sold on secret platforms and enables users to illegally steal up to $6,750 in Bitcoin per day.

Crypto ATMs are not as secure as they were earlier perceived to be. With the increase of Cryptocurrency adoption and acceptance, a new way of scam has surfaced in the visage of malware which targets Bitcoin ATM vulnerableness. As per Trend Micro security researchers, the illicit malware is freely sold underground worth $25,000 on the digital black market.

Verification and Security Standards are Critical

Traditional ATMs have, for a very long time, been the main target of offenders and phishers, with hacking devices and obfuscated cameras being a popular form of deception. Albeit, as per Trend Micro, hackers have relinquished tangible skimming devices and are now using a digital-based way to Bitcoin automated teller machines.

“Unlike regular ATMs, there is no single set of verification or security standards for Bitcoin ATMs. For example, instead of requiring an ATM, credit, or debit card for transactions, a Bitcoin ATM involves the use of mobile numbers and ID cards for user identity verification,” reads a statement from a Senior Threat Researcher at Trend Micro, Fernando Merces. “The user then has to input a wallet address or scan its QR code. The wallets used to store digital currencies are not standardized either and are often downloaded from app stores, posing another security problem.”

According to Fernando, the absence of a single set of security and verification standards is a major cause of the recent increase in Bitcoin ATM-related scams.

The security researchers believe the absence of security and verification standardization is the primary contributing factor to the recent growth of malware attacks. The paper also inclines to Cryptocurrency wallets, particularly mobile-app-based ones.

Economics Behind Black Market Malware

Malware which uses such vulnerabilities and weaknesses is freely and readily obtainable on darknet forums and is being sold by high profile user accounts with good reputations. The illicit malicious software comes together with a ready-to-use card with either NFC or EMV compatibility and is able to transfer $6,750 worth of Bitcoin illegally. As per now, the merciless seller has more than 100 reviews from various users that have already purchased the malware, and the seller has indicated that they're "open to partnership" with any willing and able parties on a revenue-sharing model.

With more than 3,500 Bitcoin ATMs across the globe, the recent attacks come at a time when it was expected. With more than 2,000 units, the US is a dwelling to greater than 1/2 of the machines, with Slavic and German-speaking nations (including Austria, Russia and Ukraine) are one of the early adopters. Nevertheless, in July 2018, Bitcoin ATM adoption rates decelerated by 1.6%, that reflects a time of doubt for the cryptocurrency markets.