
PadPin

Posted: October 31, 2014

PadPin is a backdoor Trojan that targets automated tellers, allowing third parties to extract bills from the machine's internal storage. While PadPin most recently was seen in a campaign in Malaysia, the rise in ATM threat attacks is an observable trend that could lead to PadPin being seen elsewhere in the world. Besides using specialized anti-malware solutions for removing PadPin, malware researchers advise monitoring ATMs so that unauthorized persons cannot gain the physical access required to install this threat.

PadPin: A Backdoor Straight into a Cash Deposit

While hackers have turned to such convoluted tactics as encrypting files to force victims to transfer money for decryption keys, not all threat projects are so complex – or relatively unreliable. PadPin is one of the many backdoor Trojans that specialize in granting third parties physical access to money stored in automated tellers, which yields profits without the attackers needing to convince a victim to provide any assistance. Because PadPin specializes in ATMs, average PC users have little to fear from PadPin, in contrast to most other, general-purpose backdoor Trojans. This Trojan was first identified in 2014, although ATM threat campaigns have been ongoing for many years longer than that.

PadPin targets Windows XP and Windows 7 machines only, and may install through a CD-ROM or USB device. If PadPin fails to gain full access to the machine, PadPin may delete itself. However, a PadPin installation that achieves full control may allow its creators to input codes on the PIN pad to gain access to the internally stored bills. Besides pilfering money from specific cassettes, third parties also may use PadPin to disable security features, particularly ones related to triggering standardized alarm systems. These persons also may view how much money is available and the relevant denominations.
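Because the install path described above runs through a CD-ROM or USB device, one check a defender responsible for a Windows 7 ATM host would want is whether the documented Windows removable-storage policies are actually enforced on it. The script below is an added example and is not code from the original page or from any ATM vendor; it reads the Microsoft policy key `HKLM\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices` and the Removable Disks and CD/DVD device-class GUIDs (both Microsoft-documented) and reports whether access is denied. It is read-only and changes nothing; the output labels are my own.

```powershell
# Added example (not from the page): audit a Windows 7-era ATM host for the
# removable-storage policies that block the USB / CD-ROM install path.
# Read-only. Policy key and class GUIDs are Microsoft's; labels are assumptions.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

# Device-setup class GUIDs used by the per-class removable storage policies
$classes = @{
    'Removable Disks (USB)' = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
    'CD and DVD'            = '{53f56308-b6bf-11d0-94f2-00a0c91efb8b}'
}

function Get-DwordValue([string]$Path, [string]$Name) {
    # Returns the DWORD, or $null when the key or value is absent (policy not set)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-RemovableStoragePolicy {
    $findings = @()

    # "All Removable Storage classes: Deny all access" covers every class at once
    $denyAll = Get-DwordValue $base 'Deny_All'
    $status = if ($denyAll -eq 1) { 'OK' } else { 'NOT ENFORCED' }
    $findings += [pscustomobject]@{
        Check  = 'All removable storage classes: Deny_All'
        Value  = $denyAll
        Status = $status
    }

    # Per-class Deny_Read / Deny_Write / Deny_Execute, only needed when Deny_All is off
    foreach ($name in $classes.Keys) {
        $path = Join-Path $base $classes[$name]
        foreach ($right in 'Deny_Read', 'Deny_Write', 'Deny_Execute') {
            $v = Get-DwordValue $path $right
            $status = if ($denyAll -eq 1 -or $v -eq 1) { 'OK' } else { 'NOT ENFORCED' }
            $findings += [pscustomobject]@{
                Check  = "$name : $right"
                Value  = $v
                Status = $status
            }
        }
    }
    return $findings
}

# Usage: run in an elevated PowerShell session on the ATM host
Test-RemovableStoragePolicy | Format-Table -AutoSize
```

Any row marked NOT ENFORCED means a CD-ROM or USB device of that class would still be mounted and readable if someone reached the ports, which is precisely the access the page says PadPin's installers need. Note the limit of this check: these policies exist on Windows Vista and later, so on the Windows XP hosts the page also names (out of Microsoft support since April 2014) the script cannot help, and the remaining controls are the physical ones the page describes, such as restricting and monitoring access to the machine.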

Unpinning PadPin from Your Business's Wallet

The most meaningful tradeoff for PadPin's convenience is the fact that PadPin requires its perpetrators to have physical access to an automated teller. Business owners and managers that are responsible for stand-alone ATM units should take precautions to monitor the machines for unauthorized access, such as installing camera surveillance. In some cases, the attempts to access ATMs may extend to such invasive acts as drilling holes into the physical casing, although not all attacks are so blatant. Attended and mounted ATMs, which are harder to access physically, are at lower, albeit not zero, risk.

PadPin may be able to delete itself, but merely hoping that it will do so has obvious repercussions for the livelihood of any responsible business. When appropriate preventative security fails, anti-malware solutions can identify and remove PadPin, which has extremely limited defenses against professional removal. Because the confirmed cases of ATM threat attacks have risen sharply in 2014, it's clear that ATM owners, rather than their customers, may be some of the most notable victims of Trojan attacks.
