Hackers forced to move on from card skimming and attack firms directly.
Hackers are infecting cash points with malware in an attempt to target banking infrastructure, according to security firm Kaspersky.
A major ATM manufacturer is said to be being targeted by the backdoor Tyupkin in Eastern Europe, allowing criminals to withdraw money from afflicted cash points.
Kaspersky’s global research and analysis team (Great) said: "The successful use of skimmers to secretly swipe credit and debit card data when customers slip their cards into ATMs at banks or gas stations is well known and has led to a greater awareness for the public to be on the lookout – and take precautions – when using public ATMs.
"Now we are seeing the natural evolution of this threat with cyber-criminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs directly or direct [advanced persistent threat] attacks against the bank."
Security camera footage showed hackers installing the malware through a bootable CD, which allows the user to bypass the native operating system and launch straight into their preferred software.
The attackers copy files over to the ATM and create a relevant key in the system’s settings registry, after which the malware can interact with a financial services extension, according to Kaspersky.
"The Tyupkin malware is one such example of attackers moving up the chain and finding weaknesses in the ATM infrastructure," the company said.
"The fact that many ATMs run on operating systems with known security weaknesses and the absence of security solutions is another problem that needs to be addressed urgently."
Commands were only accepted by infected machines on Sunday and Monday nights, with the session key preventing those other than the hackers from entering codes.
If a session key is entered incorrectly the malware disables the local network, which Kaspersky said might be intended to reduce attention from investigators and police.