Robbing an ATM is now as easy as sending a text message, according to a new report from Symantec.
Well, not quite that easy. Thieves still have to connect a mobile phone to the ATM through a USB port and then infect the ATM with Ploutus malware, explained the Internet security company in a blog post on Monday. That involves physically opening the top section of an ATM, which, while easier than forcing your way through the heavy door protecting the cash, still looks somewhat suspicious.
From that point on, the criminals can send text messages to the connected phone, telling the ATM to start spitting out bills whenever they — or more likely one of their “money mules” — happen to be walking by.
The same thing can also be accomplished with an external keyboard, but, yeah, this looks even more suspicious than jamming a cellphone inside:
To be clear, there have been no reported cases of thieves texting their way to stolen riches. Instead, this is an English-language version of malware discovered circulating in Mexico in 2013. Symantec is pointing out a vulnerability in ATMs, especially ones running Windows XP. (Microsoft is so desperate to get people to upgrade from its outdated operating system that it’s offering XP users gift cards towards buying a new PC).
Obviously, pulling off an operation like this would be nearly impossible in a bank, and extremely difficult even with less-secure ATMs. Still, if someone could isolate and pick the lock of an ATM (minus hilarious "Barbershop"-style hijinks), it is possible to rake in stolen cash via text message.