Bitcoin ATMs Leeched by Attackers who Created Fake Admin Accounts


upnorth

You wouldn’t know it from visiting the company’s main website, but General Bytes, a Czech company that sells Bitcoin ATMs, is urging its users to patch a critical money-draining bug in its server software.

The company claims worldwide sales of more than 13,000 ATMs, which retail for $5000 and up, depending on features and looks. Not all countries have taken kindly to cryptocurrency ATMs – the UK regulator, for example, warned in March 2022 that none of the ATMs operating in the country at the time were officially registered, and said that it would be “contacting the operators instructing that the machines be shut down”. We went to check on our local crypto ATM at the time, and found it displaying a “Terminal offline” message. (The device has since been removed from the shopping centre where it was installed.) Nevertheless, General Bytes says it serves customers in more than 140 countries, and its global map of ATM locations shows a presence on every continent except Antarctica.

According to the General Bytes product knowledgebase, a “security incident” at a severity level of Highest was discovered last week. In the company’s own words: "The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user."

As far as we can tell, CAS is short for Coin ATM Server, and every operator of General Bytes cryptocurrency ATMs needs one of these. You can host your CAS anywhere you like, it seems, including on your own hardware in your own server room, but General Bytes has a special deal with hosting company Digital Ocean for a low-cost cloud solution. (You can also let General Bytes run the server for you in the cloud in return for a 0.5% cut of all cash transactions.)

According to the incident report, the attackers performed a port scan of Digital Ocean’s cloud services, looking for listening web services (ports 7777 or 443) that identified themselves as General Bytes CAS servers, in order to find a list of potential victims.
 
