A type of malware which steals funds from cryptocurrency ATMs is being sold freely on underground forums, enabling users to steal up to $6,750 worth of Bitcoin every day.
Security researchers from Trend Micro discovered a malware that targets vulnerabilities in Bitcoin ATMs, which is being sold on the digital black market for a price that can go up to $25,000, or the correspondent in pounds or Euro.
ATMs have been targeted by hackers for a long time, usually using skimming devices and hidden cameras to extract the funds from the machines. But, as reported by Trend Micro, hackers have taken another approach to crack Bitcoin ATMs.
“Unlike regular ATMs, there is no single set of verification or security standards for Bitcoin ATMs. For example, instead of requiring an ATM, credit, or debit card for transactions, a Bitcoin ATM involves the use of mobile numbers and ID cards for user identity verification,” stated Fernando Merces, Senior Threat Researcher at Trend Micro.
“The user then has to input a wallet address or scan its QR code. The wallets used to store digital currencies are not standardized either and are often downloaded from app stores, posing another security problem.”
The researchers cited that a lack of security and verification regulation is to blame for the recent increase in malware attack rates. This also applies to crypto wallets, especially the ones for mobile devices.
Malware that uses these weaknesses can be easily found on underground forums, being distributed by reputable user accounts with established activity and history. The software is sold together with a card that is compatible with EMV or NFC, allowing the illegal transfer of up to $6,750 in BTC.
The seller currently has more than 100 reviews from users that have already purchased the software or other items sold by the user. The seller has also mentioned that they’re “open to partnership” with those that are interested in a revenue-sharing model.
Considering that there are 3,500 Bitcoin ATMs globally, it is unsurprising that these types of malware are developed. But, in July of 2018, the adoption of Bitcoin ATM has slowed down with 1,6%, signaling a sentiment of uncertainty in the crypto markets.