Stealthy malware Skimer helps hackers easily steal cash from ATMs
Security researchers have found a new version of a malware program called Skimer that’s designed to infect Windows-based ATMs and can be used to steal money and payment card details.
Skimer was initially discovered seven years ago, but it is still actively used by cybercriminals and has evolved over time. The latest modification, found by researchers from Kaspersky Lab at the beginning of May, uses new techniques to evade detection.
Upon installation, the malware checks whether the file system is FAT32 or NTFS. If it's FAT32, it drops a malicious executable file in the C:\Windows\System32 directory; if it's NTFS, it writes the file into the NTFS data stream corresponding to Microsoft's Extension for Financial Services (XFS) service.