KoffeyMaker: notebook vs. ATM | Advanced Mobile Spy Software
Despite CCTV and the risk of being caught by security staff, attacks on ATMs using a direct connection — so-called black box attacks — are still popular with cybercriminals. The main reason is the low "entry requirements" for would-be cyber-robbers: specialized sites offer both the necessary tools and how-to instructions. Kaspersky Lab' experts investigated one such toolkit, dubbed KoffeyMaker, in 2017-2018, when a number of Eastern European banks turned to us for assistance after their ATMs were quickly and almost freely raided. It soon became clear that we were dealing with a black box attack — a cybercriminal opened the ATM, connected a laptop to the cash dispenser, closed the ATM, and left the crime scene, leaving the device inside. Further investigation revealed the "crime instrument" to be a laptop with ATM dispenser drivers and a patched KDIAG tool; remote access was provided through a connection to a USB GPRS modem. The operating system was Windows, most likely XP, ME, or 7 for