We've all heard of someone hitting the jackpot at a casino, but what about jackpotting an ATM? You may think to yourself, you know, most cyber criminals today could only dream of this happening to them, but what if I told you there are multiple ways people have done this? Oklahoma City police are now investigating a crime ring involving what they call ATM jackpotting. Prosecutors have charged the alleged ringleaders of the ATM jackpotting scheme; according to court documents, one of the suspects opened the machine and installed malware.

Obviously the easiest way would just be to simply take the ATM. However, this comes with a higher risk of being caught, as a criminal would have to physically steal the ATM, which is very heavy, not to mention ATMs are essentially a computer that can dispense cash, which can always be traced and located if stolen. And I'm not just talking about the computer, I'm also talking about the cash that is inside. If you look closely at a $100 bill, or any United States bill for that matter, you will see the bill has an 11-digit marking known as a serial number, which is a unique combination of numbers and letters that appears twice on the front of the note, and each note will have a unique serial number. These serial numbers can be used to identify stolen funds, and this is also known as marking bills. This technique is used by police to trace and identify money used in illegal activities: serial numbers can be recorded in the event of a robbery, and sometimes specific markings are made on the banknotes themselves that can only be seen under a black light. Now, brazen criminals have used excavators to physically steal ATMs; however, this will only draw the attention of people in the immediate area, who may decide to call the police, and they would be right to do so. However, we cannot forget the fact that there are criminals who are much more dangerous, because they do not need to physically steal any ATMs; rather, they have a much more sophisticated way of going about things.

Now, I previously made a video regarding the Carbanak hack. Carbanak was untraceable, undetectable even to conventional security systems. It involved a group of hackers who were essentially able to create a piece of malware that, when introduced to an ATM, would allow the attackers to essentially take administrative control over the computer of the ATM, which then could be used to execute commands and make withdrawals without actually having to enter any bank card or account details. And as we can see here, this is one of those hackers. They use skeleton keys, which are sold online and can be used to open up specific models of ATMs. After using a skeleton key, the hacker then just needs to plug a small external device which contains the malware into the ATM; they can then use a keyboard to control the machine and make withdrawals. They call themselves Ploutus, and they are the most powerful, the most dangerous group of hackers financial institutions have ever encountered. Cyber security experts are baffled by the malware's complexity, and the craziest part is almost no one knows how to stop it.

Now, Ploutus is essentially a malware family that targets ATMs and is able to perform ATM jackpotting, which essentially is an attack that causes ATMs to dispense every bill that is stored inside the ATM's cassettes. The malware was first discovered back in November of 2013 in Mexico, and in March of 2021 a new version of Ploutus malware was identified targeting ATMs in the Latin American region. The malware was implemented using the Microsoft .NET Framework, a technology that allows effective code decompilation. Now, deployment of the malware is typically achieved by connecting an external device to the ATM to trigger execution of the malware. Once executed, Ploutus interacts with the operating system using function keys and a mouse. Now, the interaction with the mouse was likely introduced to allow operators to easily interact with ATMs supporting a touch screen, but communication with an ATM is performed by using an XFS middleware such as KAL; the supported interface is very minimal, which was likely adopted to allow the malware to run on a wide variety of ATM devices.

Now, historically the Ploutus binary was strongly obfuscated, making analysis difficult. In particular, Ploutus uses multiple obfuscation techniques such as string encryption, function name obfuscation, method proxying, maybe even control flow graph obfuscation, and method encryption. Now, as mentioned, the obfuscation techniques implemented by Ploutus are the result of the usage of the commercial obfuscator .NET Reactor, and some of these techniques are very easy to deobfuscate, such as string encryption, while others may significantly slow down the analysis process. Control flow obfuscation, just for an example, or a method proxy are two examples of techniques that will significantly slow down the debugging of the malware, and these techniques hide relevant information such as the name or signature of the function called. This information is generally available in the debugger view, where they make the debugging session much harder by making the execution flow non-linear, forcing the analyst to execute a lot of jump instructions. Of the mentioned techniques, method body encryption is the one that makes analysis most difficult. The concept is based on encrypting the method body and replacing it with a fake, empty one; only when the method is compiled to native code is the real method body passed to the compiler instead of the fake one. The impact of this technique is that the analysis process is unable to see the real method instructions and, as a consequence, is unable to correctly debug the process and to manage debuggers such as dnSpy.

Moving on: today a Russian security company reported that it discovered one of the biggest bank robberies ever. No guns involved; hackers did it, breaking into more than 100 banks in 30 countries and making off with a total of as much as 1 billion dollars. But with the rise of advanced financial malware such as Ploutus, we now have proof of the growing risk posed to the financial industry. Now, Ploutus is a type of ATM malware, and it was designed to allow attackers to physically control ATMs, bypass security measures, and steal large amounts of money fraudulently. And unfortunately, nobody has been able to stop it, except the people who created it.