MILPITAS, Calif.–A new version of a piece of ATM malware has been discovered that apparently targets numerous manufacturers’ machines.
According to a new report from FireEye, the ATM malware, called Ploutus was initially discovered in 2013 and only targeted ATMs manufactured by NCR. But FireEye said an updated release has its sites on a type of middleware used by ATM manufacturers that allows criminals to gain access to the machines in order to have them dispense cash.
In its report FireEye said the coders clearly have an understanding of how ATM middleware works. The latest version has been called Ploutus-D. Because most ATMs run on Windows, which wasn’t designed to work with ATM hardware, middleware software and APIs were created to bridge the gap. Many financial institutions use middleware from Scotland-based KAL, which works with 40 different vendors, according to FireEye. It is the KAL software, known as Kalignite, that the hackers have targeted, although that software is not being exploited. But the company has released a new set of features called “security lockdown” in response.