Bitcoin (BTC) ATM Malware Being Sold For $25,000 On Dark Web, Cyber-Security Firm Reports

  • Crypto ATM malware that lets users obtain bitcoins valued at 6,750 in British pounds (GBP), euros, or USD by exploiting a security vulnerability has been found on the Dark Web.
  • The malware is being sold for $25,000 and comes with a ready-to-use card with EMV / NFC capabilities.

A new type of malware program has reportedly been developed to target Bitcoin (BTC) ATMs, and it’s being sold on the Dark Web for $25,000.

Japanese cyber-security company Trend Micro Inc. came across the cryptocurrency malware while searching through secret online forums. Trend Micro’s senior threat researcher Fernando Mercês wrote in a detailed post that the security firm “noticed an apparently established and respected user offering Bitcoin ATMs malware.”

Crypto ATM Malware Sold With Ready-To-Use Card

The blog post further noted that, in addition to the crypto ATM malware, the Dark Web listing offered buyers a ready-to-use card equipped with EMV / NFC support. EMV (an abbreviation for Europay, MasterCard, Visa) chip technology is a widely adopted standard for credit and debit card payment processing, while NFC (near-field communication) refers to a commonly used card emulation standard that allows users to process payments from their smartphones.

According to Trend Micro, the listing said that buyers of the malware program would be able to use it to exploit a “service vulnerability” that lets users obtain bitcoins valued at 6,750 in British pounds (GBP), Euros, or USD.

“Range Of Financial-Related Malware” For Sale

Trend Micro’s blog also mentioned that the underground crypto ATM malware seller may be earning very large sums of money, considering that more than 100 reviews had been left about the exploitative malware and the seller’s other offerings.

The Dark Web seller is offering traditional ATM malware as well, according to another secret online thread discovered by Trend Micro. The thread states that the regular ATM malware is compatible with the most recently updated EMV standards.

There’s also a detailed explanation available in related threads noting that the malware exploits a “menu vulnerability to disconnect the machine from the network to disable alarms.”

Notably, Trend Micro also discovered that the seller is a very experienced hacker and online criminal.

The seller’s Dark Web profile shows a wide “range of financial-related malware and compromised accounts” that the cybercriminal has been offering.

It appears that malicious hackers are now able to find and exploit security vulnerabilities even in some of the most sophisticated computer hardware and software programs.

On August 3rd, for example, CryptoGlobe reported that hackers had exploited nearly 200,000 “carrier-grade” routers to mine cryptocurrency.