News

Current malware threats: remote-controlled ATMs, malware-dispersing blogging program

Within the current cyber security landscape, it is critical that organizations maintain awareness of the recent malware threats affecting firms in their industries. New attack risks seem to surface nearly every day. However, by becoming aware of these samples and how they can affect connected systems and hardware, businesses can work to prevent them within their own networks.

ATM ejects cash after being infected with text message-controlled malware
One newly discovered malware sample currently impacting the financial sector is a strain identified as "Ploutus," which first appeared in Mexico. The malware enables a hacker to control an ATM by text message, allowing the individual to command the machine to eject its cash reserves, according to IDG News Service.

Previously recognized versions of Ploutus required the cybercriminal to have direct access to the ATM terminal itself, but this new sample has acquired new abilities.

"Early versions of Ploutus allowed it to be controlled via the numerical interface on an ATM or by an attached keyboard," the source stated. "But the latest version shows a remarkable new development: it is now controllable remotely via text message."

For the strain to function, the attacker must infect the machine with the Ploutus sample and also attach a mobile device to an internal USB port to serve as a controller. Security analyst Daniel Regalado noted that when the mobile phone receives a new message, the hardware converts it to a network packet and passes it to the machine over the USB connection. Using this system, the hacker can command the machine to spit out bills and arrange to have a 'money mule,' or hired assistant, come collect the cash.

Blogging software distributes malware
According to ZDNet, security researchers have discovered that websites using the popular blogging program WordPress are "major source[s] of both phishing attacks and malware distribution."

Analysts found that many of these malware-dispersing sites were not hosted on WordPress.com, but instead by Automattic, whose founder was one of the original authors of WordPress.org. Although the website operators are responsible for keeping the platform up to date and secure, many do not update their software, creating a vulnerable portal for attackers, ZDNet noted.

To prevent this, WordPress users should install all security patches as soon as possible to repair any exploitable weaknesses. Additionally, site operators can use SSL certificates to better safeguard their sensitive information or customer data through encryption.
