Malware aimed at Bitcoin ATMs is being sold in underground markets, according to Trend Micro security researchers. For just $25,000, malware exploiting a service vulnerability allows users to nab bitcoin price equivalent in euros, USD, or in British pounds.
For $25,000, Bitcoin ATM Malware is Available on Underground Markets
Senior Threat Researcher at Trend Micro, the firm alerting enthusiasts, Fernando Mercês, explained, “Unlike regular ATMs, there is no single set of verification or security standards for Bitcoin ATMs. For instance, instead of requiring an ATM, credit, or debit card for transactions, a Bitcoin ATM involves the use of mobile numbers and ID cards for user identity verification.”
“The user then has to input a wallet address or scan its QR code,” Fernando Mercês thus continued. “The wallets used to store virtual currencies are not standardized either and are often downloaded from app stores, posing another security problem.” Cryptocurrency is bought through Near-Field Communication, Europay, and Visa/Mastercard pre-written cards sold to the malware purchasers.
Bitcoin ATMs are now numbering something close to 3,500 around the world, and, of course, malware is borderless. This particular strain is limited to languages such as German, English, and Russian. These languages correspond to where Bitcoin ATMs are mostly clustered, as the devices are not evenly distributed.
Popularity Breeds Criminal Attention
Adoption in German speaking nations runs about 150 devices over 30 locations. For Russian speakers in the Federation and Ukraine, more than four dozen locations house machines with which such malware would be a potential threat. English speaking countries are the most target rich, as between the United Kingdom (178) and the United States (2,168) they house more than 2,300 Bitcoin ATMs.
Researchers stress standardization, the absence of it in fact, is among the biggest problems facing Bitcoin ATM security. Trend Micro claims sellers of the malware have been reviewed more than a hundred times, which might mean the information is spreading. Sellers have openly sought to split the malware’s fee among conspirators, offering something akin to a revenue sharing scheme.
Trend Micro concluded, “As long as there is money to be made — and there is quite a bit of money in cryptocurrencies — cybercriminals will continue to devise tools and to expand to lucrative new ‘markets.’ As the number of Bitcoin ATMs grows, we can expect to see more forms of malware targeting cryptocurrency ATMs in the future.”