A Skimer attack starts by gaining access to the ATM system – either through physical access or via the bank’s internal network. Once Skimer has been successfully installed on the system, it infects the core of the ATM. The malware screws with the processes responsible for the machine’s interactions with the banking infrastructure, cash processing and credit cards.
The criminals then have full control over the infected ATMs. But they proceed cautiously. Once an ATM is successfully infected with the Skimer backdoor, criminals can withdraw all the funds in the ATM or grab the data from cards used in the machine, including the customers’ bank account numbers and PIN codes. The malware sits surreptitiously gathering information, much like a sleeper agent, until it is activated.
In order to wake it up, criminals insert a particular card, which has certain records on the magnetic strip. After reading the records, Skimer can either execute the hard-coded command or request commands through a special menu activated by the card. Skimer’s graphic interface appears on the display only after the card is ejected and only if the criminal enters the right session key from the PIN pad into a special form in less than 60 seconds.
With the help of this menu, the criminal can activate 21 different commands, such as dispensing money, collecting details of inserted cards, self-deleting, and updating from malware code embedded on the card’s chip. Also, when collecting card details, Skimer can save the file with dumps and PINs on the chip of the same card, or it can print the card details it has collected onto the ATM’s receipts.