You can buy Bitcoin ATM malware for $25,000 in the Dark Web

Malware targeting cryptocurrency-based ATMs commands high prices in the underground.
Written by Charlie Osborne, Contributing Writer

Malware specifically designed to target cryptocurrency ATMs has been located on the Dark Web -- and the malicious code commands high prices.

Traditional ATMs, of which approximately 300 million are in use, connect to bank cards and release physical cash and are already a target for cyberattackers and criminals worldwide.

Skimmers which record and exfiltrate credit card data, physical tampering, and exploits designed to compromise the often-aging operating systems and networks ATMs rely upon are all in use.

The problem has become widespread and has such financial impact both on consumers and financial institutions that IBM has received an increase in ATM security testing requests of 300 percent in the past year.

Even as we struggle to catch up and patch our current ATM systems, cryptocurrency-based machines are being adopted at a rapid rate.

According to Bitcoinist, roughly 3,500 cryptocurrency ATMs are in use, more than quadrupling in number over the course of 2017. Manufacturers Genesis Coin and General Bytes claim the lion's share of the market.

TechRepublic: Twitter CEO: Bitcoin will be world's 'single currency' within 10 years

However, it seems that history may repeat itself, as malware has already been developed specifically for next-generation ATMs which do not connect to bank accounts; but rather, cryptocurrency exchanges and a user's digital wallet.

Researchers from Trend Micro said on Tuesday that cryptocurrency malware has been spotted for sale by what appears to be an established and respected malware creator.

In order for users to withdraw or transfer cryptocurrency, a Bitcoin ATM uses mobile numbers and ID cards to verify user identities. The user then inputs a wallet address or scans a QR code to make a transfer.

However, with so many wallet vendors and cryptocurrency exchanges vying for dominance, there is a lack of standardization in the industry -- a weakness that malware developers have exploited.

CNET: What is bitcoin? Here's everything you need to know

The malware listing outlines what the developer calls a "service vulnerability." The listing says that users are able to receive Bitcoin worth up to 6,750 -- in dollars, euros, or pounds -- by exploiting cryptocurrency ATMs. Purchasers of the malware also receive a ready-to-use card that comes with EMV and NFC capabilities.

Trend Micro

However, the malware does not come cheap and is being sold for $25,000. The high price commanded by the malware will hopefully prevent too many sales to grassroots hackers looking for a quick profit.

See also: 'Unhackable' Bitfi wallet circus delights security researchers with hacking challenge

The seller is also offering regular ATM malware which, updated for EMV standards, is able to disconnect ATMs from their network to prevent alarms from sounding. In addition, the malicious code forces the machine to go into engineering mode while spewing out cash.

"As long as there is money to be made -- and there is quite a bit of money in cryptocurrencies -- cybercriminals will continue to devise tools and to expand to lucrative new "markets,"" Trend Micro says. "As the number of Bitcoin ATMs grows, we can expect to see more forms of malware targeting cryptocurrency ATMs in the future."

Top tips for investing in cryptocurrency

Previous and related coverage

Editorial standards