Security experts have discovered a new strain of malware dubbed Suceful (Backdoor.ATM.Suceful) specifically designed to target ATMs. Malware designed to hack ATMs are not new as in the past security experts have already detected malicious codes used to make ATMs dispense cash, such as Ploutus or Tyupkin. The variant detected by FireEye appears to have been created on August 25. The SUCEFUL capabilities in Diebold or NCR ATMs include reading all the credit or debit card track data, reading data from the chip of the card Control of the malware via ATM PIN pad, retention or ejection of the card on demand. Similar to other ATM malware, SUCEFUL interacts with a middleware called XFS Manager which is the interface between the application and the peripheral devices (e.g., printer, dispenser, card reader, in pad).
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street