Security Alerts & News
by Tymoteusz A. Góral

#1480 Untangling the Ripper ATM malware
Last August , security researchers released a blog discussing a new ATM malware family called Ripper which they believe was involved in the recent ATM attacks in Thailand. Large numbers of ATMs were also temporarily shut down as a precautionary measure.

That analysis gave an overview of the techniques used by the malware, the fact that it targets three major ATM vendors, and compared Ripper to previous ATM malware families. Their analysis was based on the file with MD5 hash 15632224b7e5ca0ccb0a042daf2adc13. This file was uploaded to Virustotal by a user in Thailand on August 23.

During our analysis we noticed some additional details that where not called out, or which appear to contradict this earlier analysis. We highlight these differences in this blog post. We have also included technical indicators such as code offsets where possible for other researchers to follow on from our work.

In April of this year, Trend Micro’s Forward Looking Threat Research team and Europol EC3 collaborated on a comprehensive report on all ATM malware threats known at that point. We have been watching out for new families since then. The paper was made available to members of the Financial and Law Enforcement communities. If you are part of these industries, have not received a copy, and would like one, please contact Robert McArdle.
Read more
#1486 DDoS mitigation firm has history of hijacks
#1485 Data-stealing Qadars Trojan malware takes aim at 18 UK banks
#1484 Vulnerability patched in WordPress theme that allows unrestricted uploads
#1483 324,000 payment cards breached, CVVs included
#1482 Fake AV makes it onto Google Play
#1481 Cisco IOS Software Checker
#1480 Untangling the Ripper ATM malware
#1479 Ransomware's next target: Your car and your home
#1478 Cisco warns of second firewall bug exposed by Shadow Brokers
#1477 Mozilla patching Firefox certificate pinning vulnerability
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12