Romanian law enforcement authorities have arrested eight cyber criminals suspected of being part of an international criminal gang that pilfered cash from ATMs (automatic teller machines) using malware.
The operation said to be one of the first operations of this type in Europe, was conducted in Romania and Moldova by Romanian National Police and the Directorate for Investigating Organised Crimes and Terrorism (DIICOT), with assistance from Europol, Eurojust and other European law enforcement authorities.
Europol did not provide names of any of the eight criminals arrested but said that the gang allegedly used a piece of malware, dubbed Tyupkin, to conduct what are known as Jackpotting attacks and made millions by infecting ATMs across Europe and beyond.
With the help of Tyupkin malware, the suspects were able to empty cash from infected ATMs by issuing commands through the ATM's pin pad.
"The criminal group was involved in large scale ATM Jackpotting – a term which refers to the use of a Trojan horse, physically launched via an executable file in order to target an ATM," Europol explained in a press release, "thus allowing the attackers to empty the ATM cash cassettes via direct manipulation, using the ATM PIN pad to submit commands to the Trojan."
Tyupkin was first analysed in 2014 by Kaspersky Lab following the request from a financial institution. During the investigation, Kaspersky found the malware threat on more than 50 ATMs in Eastern Europe.
The malware allows its operators to withdraw cash from ATMs without the requirement of any payment card.
Although, Europol did not specify how much money in total the criminal gang was able to plunder, it believed that the gang was able to cause “substantial losses” across Europe and that the losses could be in Millions.