A group of masked robbers are suspected of using a computer program to hack into ATMs in Taiwan to steal more than $2 million.
The thieves are believed to have targeted more than 30 ATMs belonging to Taipei-based First Commercial Bank, The Times Of India reported on Tuesday (July 12).
“It is still not clear how the suspects stole such a large amount of money from the ATMs. My understanding is this is the first time such a criminal method has been discovered here,” a member of the authorities told AFP.
First Commercial Bank confirmed that its security footage shows the culprits walking away from the machines with bags packed with cash drawn right from the ATMs.
“ATM crimes were not uncommon, most of them using fake cards or cheating people out of their money using their debit or credit cards on ATMs,” a police officer said.
Earlier this year, Kaspersky Lab announced new research regarding a hacker collective, known as the Skimer group, that uses malware to essentially make an ATM steal users’ money. Instead of putting skimmer devices on the ATM, this group makes the entire ATM a skimming device. This program was first discovered in 2009, but researchers have now discovered that the malware is being reused to attack banks around the world.
As part of its investigation, Kaspersky Lab found a new version of the malware on a bank’s ATM that had been planted by hackers. This is done, according to the researchers at the lab, in two ways: physical access to the ATM or through its internal network. After installation, the ATM is infected with the malware, which interacts with the bank’s payments infrastructure.
From there, the ATM becomes a skimmer itself. Besides getting funds from customers’ accounts, it also enables the hackers to gain access to customers’ bank account info and PINs. But what’s unique about this malware is that it is undetectable, compared to a typical skimmer device.
“With the Skimer malware, if the criminal group decides to make a direct money withdrawal from the ATM money cassettes, their criminal activity will be revealed instantly after the first encashment. Therefore, the Skimer criminals often do not act immediately, instead choosing to let the malware operate on the infected ATM, skimming data from cards for several months, without undertaking any activity,” the report explained.