Mawlare now targets Bitcoin ATMs

Bitcoin ATMs are also in the sight of cybercriminals, as a new advertisement for a hacking device has popped-up.

Hackers are now targeting Bitcoin ATMs and, even more impressively, the required tools are available for sale online. The revelation comes from a Trend Micro blog post, which reports on Japanese security experts taking a look at recent listing in a deep web forum.

The offer is written very seriously and comes from an experienced seller, who also has several advertisements for malware targeting the more traditional cash ATMs. A potential buyer would receive the required software package, detailed (and multilingual) instructions as well as an EMV and NFC card, which are ready to use. The method is described as “not requiring any physical access”, but judging by the context this means “not breaking into the ATM”.

EMV is the standard chip technology used in credit cards, created to make them more secure than the previous magnetic stripes. NFC (near-field communication) is an even more recent development commonly found on late-generation smartphones. Both would require the user to interact with the ATM.

The listing states that the method of attack targets a service vulnerability in the devices. Each Bitcoin transaction can allegedly be worth up to 6750 USD/EUR/GBP. 

The total package comes with a $25,000 price tag. The team behind this development is apparently also looking to work with other similar professionals, and split potential profits.

While the offer is perhaps an oddity by itself, it raises other questions, like “How safe are Bitcoin ATMs?”. There obviously isn’t a definitive answer to this question. There are multiple manufacturers of these devices, and they implement different policies. Balancing anonymity and security is always a tough task and some brands may be more vulnerable than others. While the expansion of such payment solutions appears to be slowing down and some have even managed to find alternatives, ATMs are still a neat feature of the cryptocurrency space. At least by the looks of things, this threat will not target end users – only the device owners/operators should worry.