Kaspersky Labs said the Tyupkin malware works when crooks have physical access to the ATMs and use a bootable CD to install it. The infected ATM runs on an infinite loop waiting for a command and runs only on specific times on Sunday and Monday nights. Then the crooks strike, taking cash from infected machines without needing to use credit cards.
Kaspersky said the malware – Backdoor.MSIL.Tyupkin – has been detected on ATMs in Europe, Latin America and Asia.
The anti-virus company said that banks need to look at the physical security of ATMs and invest in good quality security systems.
They also need to replace master keys and locks on the top of ATMs and get rid of the default settings. An alarm should also be installed because Kaspersky discovered the gangsters only infected ATMs with no security alarm. The default BIOS passwords should be changed and the ATMs need to have up to date antivirus software installed.