Malware Exposes Bitcoin ATM Vulnerabilities, Sales for $25,000

Malware that targets cryptocurrency ATMs is freely sold on underground forums – and allows users to steal up to $6,750 in Bitcoin daily.

Cryptocurrency ATMs are not as safe as previously thought. With the rise of crypto acceptance, a new form of fraud has emerged in the face of malware that targets Bitcoin ATM vulnerabilities. According to Trend Micro security researchers, the malware is freely sold on the digital black market and goes up for $25,000, or the equivalent in British pounds or Euro.

Traditional automated teller machines have long been the target of phishers and criminals, with skimming devices and hidden cameras being a preferred method of fraud. However, according to Trend Micro, hackers have forgone physical skimming devices and are now taking a digital-based approach to Bitcoin ATMs.

“Unlike regular ATMs, there is no single set of verification or security standards for Bitcoin ATMs. For example, instead of requiring an ATM, credit, or debit card for transactions, a Bitcoin ATM involves the use of mobile numbers and ID cards for user identity verification,” said in a statement Senior Threat Researcher at Trend Micro, Fernando Merces. “The user then has to input a wallet address or scan its QR code. The wallets used to store digital currencies are not standardized either and are often downloaded from app stores, posing another security problem.”

According to Merces, lack of a single set of security and verification standards is a contributing factor to the recent rise in Bitcoin ATM-related fraud.

The researchers claim the lack of security and verification standardization to be one of the contributing factors to the recent rise of malware attacks. The paper also applies to crypto wallets, especially mobile-app-based ones.

The Economics of Black Market Malware

Malware that exploits such vulnerabilities is readily available in the underground forums, and is sold by well-respected user accounts with established reputations. The malicious software comes hand-in-hand with a ready-to-use card with either EMV or NFC compatibility, and is capable of illegally transferring up to $6,750 worth of BTC. Currently, the seller has over 100 reviews from users who have already bought the malware or other products sold by the “vendor”. In a true entrepreneurial spirit, the seller has also stated they’re “open to partnership” with interested parties with a revenue-sharing model.

With over 3,500 Bitcoin ATMs around the world, the recent attacks come as no surprise. With over 2,000 units, the US is home to more than a half of the machines, with Slavic and German-speaking countries (including Russia, Ukraine and Austria) also among the early adopters. However, in July of this year, Bitcoin ATM adoption rates slowed down by 1,6%, reflecting a period of uncertainty for the crypto markets.