Kaspersky Lab has reported that software containing a complex trojan virus is somehow being physically uploaded to ATM machines, allowing criminals to steal millions of dollars. Called Tyupkin, the malware allows a person to walk up to an infected machine, access a few hidden menus, input a secret passphrase, and hope they brought a big enough sack to carry off the loot.
Investigators found that Tyupkin was capable of executing a number of sophisticated operations. Installed using a bootable CD, the trojan’s first order of business is to disable the McAfee antivirus software, often ATMs’ only defense against such malicious code. It can also disable local network connections, preventing a bank, for instance, from discovering the security breach. And it’s capable of entering a “standby mode,” activating itself only on certain nights, to help avoid detection.