New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists


The malware is "installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs, FASTCash was first documented by the U.S. government in October 2018 as used by adversaries linked to North Korea in connection with an ATM cashout scheme targeting banks in Africa and Asia since at least late 2016. FASTCash schemes remotely compromise payment switch application servers within banks to facilitate fraudulent transactions," the agencies noted at the time. The funds withdrawn per fraudulent transaction range from 12,000 to 30,000 Lira ($350 to $875), mirroring a Windows FASTCash artifact ("switch.dll") previously detailed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in September 2020.

Read More


thumb-image

Solutions