Hackers Turn ATMs into Piggybanks and Customer Databases into High-End Smartphones


This week's cyber crimes require some real-life accomplices to finish the job.

Phone flaws, ATM malware and ways to turn data into real-life high-end phones: It's just another week in Threatwatch, Nextgov's regularly updated index of cyber incidents.

More Backdoors Found in Low-Cost Android Devices

About 2.8 million Android devices have a vulnerability in the over-the-air update system that would allow attackers to install and configure applications, according to researchers.

The problem lies with software made by Chinese company Ragentek Group, which exposes user information through unencrypted communications and is susceptible to man-in-the-middle attacks, according to a Threatpost report. The software appears in about 55 identified device models, including those made by brands BLU Products, Infinix Mobility and others.

AnubisNetworks, which disclosed the vulnerability Nov. 17, also said devices out of the box attempted to contact two unregistered domains. The researchers said if attackers registered the domains, they could have accessed the nearly 3 million devices without using a man-in-the-middle attack.

Security firm Kryptowire last week discovered code in some Android smartphones that sends full texts, call logs, contact lists and location details to Chinese servers, according to The New York Times. The code, written by Shanghai Adups Technology Company, appears in 700 million devices around the world, though this version was designed to help a Chinese manufacturer monitor user behavior, the report said. BLU Products said the software affected 120,000 of its phones and has since updated the software.

Thieves Jackpot ATMs Across Europe

Instead of targeting individual bank customers, hackers are making cash machines across Europe spit out cash while accomplices scoop it up, a practice known as jackpotting. 

Previous ATM attacks required physical access to manipulate machines, but the recent wave involves remotely infecting them, which allows hackers to attack many machines at once, Reuters reports. People, however, need to be near the machines to pick up the booty.

Threat intelligence vendor Group-IB’s report on the campaign says at least 14 countries have been hit, including the Netherlands, Poland, Romania, Russia, Spain and Britain. The report attributes the crimes to a group called Cobalt, which has the ability to take over bank networks in as little as 10 minutes.

Such ATM attacks occurred over the summer, too: Thieves stole approximately $2.5 million from ATMs in Taiwan and $350,000 from machines in Thailand.

The Wall Street Journal reported the FBI this month warned U.S. banks to be on alert for such attacks and specifically the Buhtrap software, used by a Russian gang that targets both banking transaction networks and ATM networks. That software, likely developed by “a small corps of elite hackers,” according to the report, is now being used by other groups.

“This type of attack does not require development of expensive advanced software—a significant amount of the tools used are widely available on the deep web,” Group-IB researcher Dmitry Volkov said in a statement.

Almost 134,000 Customers' Info Breached in Phone Scam

Three, one of the U.K.’s largest mobile services providers, confirmed that almost 134,000 customers’ information was compromised in a scheme to steal phones, according to reports.

“We believe the primary purpose of this was not to steal customer information but was criminal activity to acquire new handsets fraudulently,” Three CEO Dave Dyson said in a statement.

Bad actors accessed the company’s phone upgrade system, which doesn’t contain financial information like bank accounts or passwords, according to The Guardian. Three said eight customers had been “unlawfully upgraded” to new phones.

For most customers, the compromised information could include name, billing date, which phone they use, and contract start and end dates, but for almost 27,000 customers, more information could have been accessed, ZDNet reports. Those additional personal details could include address, date of birth, email address, previous address, marital status and employment status.

The National Crime Agency arrested three men as part of the investigation.