ForexFraud Header

Research reveals cryptocurrency ATM malware selling for tens of thousands

Published:
Updated:

Malware designed to tamper with cryptocurrency ATMs is available to pick up for $25,000, a report published by a cybersecurity firm has found.

The report, from Trend Micro, found that malware designed to edit the code which powers the ATM has already received a hundred reviews purporting to be from customers.

The malicious software also comes with a series of Europay, MasterCard or bank cards which can then be used to fraudulently purchase Bitcoin.

The researchers said that the weak point here may be the fact that security approaches vary from one cryptocurrency ATM to another.

“Unlike regular ATMs, there is no single set of verification or security standards for Bitcoin ATMs,” said Fernando Merces, a Senior Threat Researcher at Trend Micro.

“For example, instead of requiring an ATM, credit, or debit card for transactions, a Bitcoin ATM involves the use of mobile numbers and ID cards for user identity verification. The user then has to input a wallet address or scan its QR code.

“The wallets used to store digital currencies are not standardized either and are often downloaded from app stores, posing another security problem,” he added.

Cryptocurrency ATMs are a relatively new phenomenon, and they have only been around for a few years. It’s believed that there are now well over 3,000 located across the globe.

Most of them are located in the US, where there are over 2,000. The UK, Russia and Europe’s German-speaking countries also have significant numbers.

According to industry media, the particular piece of malware located by the Trend Micro researchers is language-limited. It can apparently only be used in Russian, English or German.

Crypto ATMs have long since been accused of vulnerability to fraud, though.

Late last year, a woman from Canada said she lost around $12,000 Canadian dollars in a scam at a Bitcoin ATM in the city of York.

The woman received phone calls purporting to be from authorities accusing her of not paying enough tax. One of the callers even said “York Regional Police” on the caller ID – a move which itself was fraudulent.

She was then asked to place a large amount of money into a Bitcoin ATM, which she did.

The real local police later said that around $340,000 had been lost through fraudulent activity like this, and that there were at least 45 victims.

There is also believed to be a connection between some cryptocurrency ATMs and organised crime networks, too.

Police in London, UK claim that the devices are used for money laundering purposes by criminal gangs looking to convert proceeds of crime into ready cash without drawing attention to themselves.

“If you’re a local drug dealer [crypto ATMs] are a great opportunity to quickly dispose of cash,” said Detective Inspector Tim Court, a police expert in cryptocurrency.

The appeal of cryptocurrency ATMs to money launderers is that they can provide a way to move cash which doesn’t flag up the transaction, as may happen at another financial institution such as a bank.