Eight arrested over 'Tyupkin' ATM malware thefts across Europe

[Reefa]

Eight people have been arrested for their involvement in a sophisticated criminal enterprise that used malware to infect cash machines and steal thousands of pounds from banks across Europe.

 

The arrests were made in Romania and Moldova after a joint investigation involving the Romanian National Police and the Directorate for Investigating Organised Crimes and Terrorism, with support from Europol and a number of other European law enforcement agencies.

 

The group used malware dubbed Tyupkin to infect ATMs with a trojan that allowed the machine to be controlled from the standard number pad on the front panel.

 

Tyupkin has been in use for several years, and Kaspersky Lab first revealed evidence of the malware in 2014.

 

It is often installed through physical interaction with ATMs, mainly using a CD to insert the malware and relying on the fact that security codes for ATM software are never changed, as Kaspersky explained to V3 in 2014.

 

The malware contains code that allows the crooks to take control of the ATM and force it to hand out notes, often draining machines of their entire cash reserves in the process. The practice is termed ‘jackpotting’.

 

This was resulting in huge losses for European banks, and a major joint operation was headed by Europol's European Cybercrime Centre to tackle the crime, leading to the arrests this week.

 

Wil van Gemert, Europol's deputy director of operations, explained that the arrests were a notable victory against ATM malware crooks.

 

"The sophisticated cyber crime aspect of these cases illustrates how offenders are constantly identifying new ways to evolve their ways to commit crimes,” he said.

 

“To match these new technologically savvy criminals it is essential, as was done in this case, that law enforcement agencies cooperate with their counterparts via Europol to share information and collaborate on transnational investigations."

 

The arrests of those involved with Tyupkin is a clear success for the authorities, but other malware strains used for ATM thefts remain in use. Proofpoint revealed the existence of ‘GreenDispenser’ in September last year.

http://www.v3.co.uk/v3-uk/news/2441045/eight-arrested-over-tyupkin-atm-malware-thefts-across-europe