FiXS

Description

(Metabase Q) Metabase Q recently identified a new malware that is currently affecting Mexican banks. Due to it’s code name in the binary, we dubbed it FiXS.

It is not clear yet what the vector for the initial infection is. However, since FiXS utilizes an external keyboard (similar to Ploutus), we anticipate that it follows a similar methodology. In the case of Ploutus, a person with access to these teller machines physically connects an external keyboard to to the ATM for the attack to commence.

So far, we have identified some key relevant characteristics of FiXS malware: • It instructs the ATM to dispense money 30 minutes after the last ATM reboot • It is hidden inside another not-malicious-looking program • It is vendor-agnostic targeting any ATM that supports CEN XFS • It interacts with the crooks via external keyboard • It waits for the Cassettes to be loaded to start dispensing • It contains Russian metadata

Names

Name
FiXS

Type

ATM malware

Information

https://www.metabaseq.com/fixs-atms-malware/

Other Information

Uuid

7b095e59-1cfa-4d33-9ebe-c6b5df3d8fe9

Last Card Change

2023-04-25

Threat Intelligence Garden

Explorer

FiXS

FiXS

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks