{"id":12868,"date":"2019-02-21T13:23:35","date_gmt":"2019-02-21T09:23:35","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/winpot-atm-jackpotting\/12868\/"},"modified":"2019-11-15T15:22:31","modified_gmt":"2019-11-15T11:22:31","slug":"winpot-atm-jackpotting","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/winpot-atm-jackpotting\/12868\/","title":{"rendered":"The ATM of Fortune"},"content":{"rendered":"

It sounds like a weird dream: ATMs that look more like slot machines. If you try your luck, you might even be rewarded with a nice bundle of cash. Could it be true?<\/p>\n

WinPot: A jackpotting tool<\/h2>\n

In fact, the ability to turn a common ATM into something like a slot machine is real \u2014 and not dreamy at all. Actual malware called WinPot<\/a> can do just that. Perhaps its creators were inspired by the term jackpotting<\/a><\/em>, which commonly refers to attacks where cybercriminals force an automated teller machine to spew out money. Whimsically, they decided to make using WinPot look like playing slots for money mules<\/a>, individuals who pick up the loot from ATMs.<\/p>\n

Unlike machines in a casino, WinPot can make the \u201cATM game\u201d a sure-fire win, which could explain the first part of the name. The software helps criminals pick and empty the ATM\u2019s most lucrative cash-dispensing cassette.<\/p>\n

\"WinPot<\/a><\/p>\n

The slot machine\u2019s windows display each cassette\u2019s bill denomination and the number of bills inside the cassette. All the mule needs to do is select the cassette with the most money in it and press Spin. The Scan button can be used to recount the bills. WinPot\u2019s creators also provided an emergency Stop button for helping the mule cut the payout short before raising suspicions.<\/p>\n

Versions of WinPot are notably diverse, each with its own unique features. For example, certain flavors of the malware operate for a limited period of time (e.g. a month) and then silently deactivate themselves. The core feature set, though, is roughly consistent; the diversity helps it both adapt to new protective measures for ATMs and prevent abuse by mules, who might try to copy the software to keep all of the bounty.<\/p>\n

Jackpot, but not for everyone<\/h3>\n

The upshot is, if you notice anything odd about an ATM\u2019s appearance or operation, it\u2019s unlikely to mean good news for you. Cybercriminals go far beyond robbing ATMs. Their arsenals include ways to steal cash from bank clients<\/a>: hidden cameras, fake keypads, skimmers, and other devices for obtaining PINs and data from a card\u2019s magnetic strip \u2014 in other words, everything they need to produce a duplicate and use it without your involvement.<\/p>\n

Sometimes, though, dangers lurk inside perfectly normal-looking and working ATMs<\/a>. Therefore, it is key to remember the basic \u2026<\/p>\n

\u2026 safety rules when using ATMs<\/h3>\n