Bitcoin ATM Malware for Sale on the Dark Web

Malware targeting Bitcoin ATMs has reportedly been found online for sale on underground dark web sites that sell various illegal goods and services. The malware does not come cheap, as it is being sold for $25,000. The seller has reportedly received over 100 customer reviews, which indicates that the expensive piece of malware has generated substantial income. The malware is already in circulation and in use in several locations around the world. Once a buyer purchases the malware, he or she also gets a ready-to-use card with NFC and EMV capabilities. The malware is reported to take advantage of service vulnerabilities, enabling its users to receive as much as $6,500 worth of Bitcoin.

While regular ATMs have long been a target for criminals, fraud related to Bitcoin ATMs has so far not amounted to much. A Bitcoin ATM allows the exchange of Bitcoin and cash, with some Bitcoin ATMs offering bidirectional functionality enabling both the purchase of Bitcoin as well as the sale of Bitcoin for cash. While attacks on regular ATMs haven’t waned, criminals have continued to abandon traditional methods such as skimmers and are now relying on advanced methods such as malware. The problem has become widespread and has had such a financial impact on both consumers and financial institutions that IBM has received a 300 percent increase in ATM security testing requests in the past year. Trend Micro, a Japanese multinational cyber security and defense company, suggests that the emergence of Bitcoin ATM malware is only a natural progression of cyber crime surrounding cryptocurrencies.

The increased popularity of crypto-focused malware stems from the increased popularity of digital currencies in the past year as well as a marked increase in the real-world use of cryptos. It’s therefore no surprise that malware targeting Bitcoin ATMs has popped up in underground markets.

This is natural and expected, wrote Sucuri, a security company, in an eBook predicting that as cryptocurrencies attract more users and their market capitalization continues to grow, the cryptocurrency field should expect to see an increase in mass infections.

The number of worldwide Bitcoin ATMs has risen in recent years to around 3,500. Many of these ATMs can carry out transactions involving other cryptocurrencies including Litecoin and Ethereum. At the moment, it’s not yet clear whether the malware in question can steal cryptocurrencies other than Bitcoin.

Bitcoin ATMs differ from regular ATMs in that there are no set security or verification standards. To use one, a person is required to use his or her identity card and mobile numbers for identity verification, unlike the debit and credit cards used in regular ATMs. The user is then required to input his or her wallet address or scan a provided QR code with his or her mobile phone. Adding to the problem, crypto wallets are freely available for download from app stores, which piles on to the lack of standards. This makes Bitcoin ATMs a fertile ground for cybercriminals.