Newly Discovered ‘Cutlet Maker’ Malware Used in Series of Jackpotting Attacks on ATMs in Germany
- ‘Cutlet Maker’ was used by attackers to steal around $1.5 million from ATMs in Germany.
- A total of 10 different jackpotting incident involving the malware had taken place between February and November 2017.
Details regarding a newly discovered ATM malware named ‘Cutlet Maker’ have emerged recently. The malware was used in a series of jackpotting attacks on ATMs in Germany during 2017.
What’s the matter?
A joint investigation conducted by Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has revealed that ‘Cutlet Maker’ was used by attackers to steal around $1.5 million from ATMs in Germany. A total of 10 different jackpotting incidents involving the malware had taken place between February and November 2017.
The attacks deployed in Germany is similar to the ATM hijack instance demonstrated at a Black Hat conference in 2010.
During the annual Black Hat cybersecurity conference in 2010, late researcher Barnaby Jack had shown a live hijack of an ATM using his own strain of malware. The ATM malware ejected a steady stream of bank notes while displaying the word ‘JACKPOT’ on the machine.
About Cutlet Maker
‘Cutlet Maker’ has been designed to make ATMs eject all of the money inside them. After the malware is installed on an ATM, it displays a message"Ho-ho-ho! Let's make some cutlets today!" along with a cartoon image of chef and cheering piece of meat.
The malware is available online for $5,000 to cybercriminals who want to empty ATMs.
A typical jackpotting attack
Jackpotting is a technique where cybercriminals use malware or a piece of hardware to trick an ATM into ejecting all of its cash. Hackers typically install the malware onto an ATM by physically opening a panel on the machine that reveals a USB port.
What does the research say?
Motherboard highlights that, “Although a European non-profit said jackpotting attacks have decreased in the region in the first half of this year, multiple sources said the number of attacks in other parts of the world has gone up.”
Attacked regions include the US, Latin America, and Southeast Asia. The so-called jackpotting attack also impacts banks and ATM manufacturers across the finance industry. Santander is one of highly impacted banks in the 2017 attacks.
The bank used old and slow Windows systems, thus enabling the cybercriminals to hijack ATMs.
While law enforcement agencies are investigating the 2017’s jackpotting attack, research notes that not all ATMs across the industry are up to the standard. This can certainly lead to an increase in ATM jackpotting attacks.