Lazarus Group Deploys Linux FASTCash Malware to Steal Millions in Coordinated ATM Attacks

Oct 15, 2024 | News





North Korean Hackers Deploy Linux-Based FASTCash for ATM Cashouts

North Korean state-sponsored hacking group Hidden Cobra, also tracked as APT38 or Lazarus, has ported its FASTCash malware to Linux. The newly discovered variant was built for Ubuntu 22.04 LTS and gives the group a foothold on the payment switch servers of financial institutions, from which it can authorize unauthorized ATM withdrawals on an international scale.

The Evolution of FASTCash: From Windows to Linux

While previous versions of FASTCash targeted Windows and IBM AIX (Unix) systems, this newly discovered Linux variant represents a significant evolution in the group’s capabilities. Hidden Cobra has been conducting FASTCash operations since 2016, orchestrating simultaneous ATM withdrawal attacks across 30 countries, resulting in tens of millions of dollars stolen per attack.


How FASTCash Exploits Payment Systems for Unauthorized Withdrawals

The Linux variant infects financial institutions' payment switch servers, the intermediary systems that relay transaction messages between ATMs or PoS terminals and the bank's central (core banking) systems. Sitting in that path, the malware intercepts the ISO 8583 messages used to process debit and credit card transactions: when the issuing bank declines a withdrawal for insufficient funds, the implant rewrites the response as approved before it reaches the ATM, which then dispenses the cash. The point for defenders is that the bank's own authorization system genuinely declined the transaction; the fraud is visible only by comparing what the issuer answered with what the switch actually forwarded.

Figure: FASTCash operational overview (source: doubleagent.net)
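The detection angle described above, as an added example that is not part of the original article or of any published FASTCash analysis: a minimal ISO 8583 parser plus a reconciliation check that matches each response the issuer host returned against the response the switch forwarded to the ATM, keyed by PAN (field 2) and system trace audit number (field 11), and flags any message whose response code (field 39) changed from a decline to "00" (approved) or whose amount (field 4) changed. The field numbers and the response codes "00" (approved) and "51" (insufficient funds) are from the ISO 8583 standard; the message layout (ASCII, 16-hex-character primary bitmap, fixed and LLVAR field lengths), the sample transactions and the function names are assumptions constructed for this example.

```python
"""Reconcile issuer-host ISO 8583 responses against what the payment switch
forwarded to ATMs, to catch decline-to-approve rewrites of the FASTCash kind.
Added example with a simplified, assumed message layout (not real traffic)."""

# Formats for the handful of data elements this example understands.
# ("fixed", n) = fixed n ASCII chars; ("llvar",) = two-digit length prefix.
FIELD_FORMATS = {
    2:  ("llvar",),     # Primary account number (PAN)
    3:  ("fixed", 6),   # Processing code
    4:  ("fixed", 12),  # Transaction amount, minor units, zero-padded
    11: ("fixed", 6),   # System trace audit number (STAN)
    39: ("fixed", 2),   # Response code: "00" approved, "51" insufficient funds
}


def parse_iso8583(msg: str) -> dict:
    """Parse MTI, primary bitmap and the fields listed in FIELD_FORMATS.
    Assumes an ASCII message with a 16-hex-char primary bitmap (simplified)."""
    mti, bitmap_hex, body = msg[:4], msg[4:20], msg[20:]
    bits = int(bitmap_hex, 16)
    fields = {"MTI": mti}
    pos = 0
    for n in range(1, 65):
        if not (bits >> (64 - n)) & 1:
            continue
        if n == 1:
            raise ValueError("secondary bitmap not supported in this example")
        fmt = FIELD_FORMATS.get(n)
        if fmt is None:
            raise ValueError(f"field {n} present but its format is unknown")
        if fmt[0] == "llvar":
            length = int(body[pos:pos + 2])
            pos += 2
        else:
            length = fmt[1]
        fields[n] = body[pos:pos + length]
        pos += length
    return fields


def build_iso8583(mti: str, fields: dict) -> str:
    """Serialize a message in the same simplified layout parse_iso8583 reads."""
    bits, body = 0, ""
    for n in sorted(fields):
        fmt, value = FIELD_FORMATS[n], fields[n]
        if fmt[0] == "llvar":
            body += f"{len(value):02d}{value}"
        else:
            if len(value) != fmt[1]:
                raise ValueError(f"field {n} must be {fmt[1]} chars")
            body += value
        bits |= 1 << (64 - n)
    return f"{mti}{bits:016X}{body}"


def reconcile(issuer_responses, forwarded_responses):
    """Return (key, reason) alerts for forwarded responses whose approval or
    amount differs from the issuer's answer for the same PAN + STAN."""
    issuer_by_key = {(m[2], m[11]): m for m in map(parse_iso8583, issuer_responses)}
    alerts = []
    for raw in forwarded_responses:
        fwd = parse_iso8583(raw)
        key = (fwd[2], fwd[11])
        orig = issuer_by_key.get(key)
        if orig is None:
            alerts.append((key, "forwarded response has no matching issuer response"))
            continue
        if orig[39] != "00" and fwd[39] == "00":
            alerts.append((key, f"issuer decline {orig[39]} rewritten to approval 00"))
        if orig.get(4) != fwd.get(4):
            alerts.append((key, f"amount changed {orig.get(4)} -> {fwd.get(4)}"))
    return alerts


# Constructed sample traffic (test PANs, not real cardholder data).
ISSUER_RESPONSES = [
    build_iso8583("0210", {2: "4111111111111111", 3: "010000", 4: "000000050000", 11: "000101", 39: "00"}),
    build_iso8583("0210", {2: "4111111111111111", 3: "010000", 4: "000000500000", 11: "000102", 39: "51"}),
    build_iso8583("0210", {2: "5500000000000004", 3: "010000", 4: "000000020000", 11: "000103", 39: "51"}),
]
# What the switch actually sent to the ATMs: the second decline was flipped to "00".
FORWARDED_RESPONSES = [
    ISSUER_RESPONSES[0],
    build_iso8583("0210", {2: "4111111111111111", 3: "010000", 4: "000000500000", 11: "000102", 39: "00"}),
    ISSUER_RESPONSES[2],
]


def demo():
    """Run the reconciliation over the constructed sample traffic."""
    return reconcile(ISSUER_RESPONSES, FORWARDED_RESPONSES)


if __name__ == "__main__":
    for key, reason in demo():
        print(f"ALERT pan={key[0]} stan={key[1]}: {reason}")
```

Run as-is and the single alert is the STAN 000102 transaction, where the issuer's "51" became "00" on the ATM-facing side. In a real deployment the two inputs would be captures or logs taken on either side of the switch (issuer link versus ATM link); the comparison must be done off the switch host itself, since an implant running there can also tamper with local logging.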

Evasion and Detection Challenges

The Linux variant was first submitted to VirusTotal in June 2023 and, at the time, was flagged by none of the scanning engines, which illustrates how little signature-based tooling helps against a bespoke implant on a payment switch. That blind spot let the attackers rewrite authorizations and execute cashouts undetected, with money mules withdrawing large sums from ATMs. The Windows variant was updated as recently as September 2024, showing that the group continues to maintain and evolve the malware.




Global Financial Implications

FASTCash operations pose a grave threat to financial institutions worldwide, especially as North Korean hackers demonstrate their ability to compromise even Linux-based systems. With $1.3 billion in damages linked to their activities, Hidden Cobra’s latest exploits emphasize the need for robust cybersecurity measures across all platforms.


Source: bleepingcomputer.com
