Contact Contact Us

East European ATMs Raided Using KoffeyMaker Toolkit

Researchers found that cybercriminals had raided the ATMs of several East European banks between 2017 and 2018 using a toolkit dubbed KoffeyMaker. The cybercriminals opened the ATM, connected the KoffeyMaker toolkit to the cash dispenser, closed the ATM, and left the crime scene with the laptop inside the ATM. KoffeyMaker consisted of a laptop with ATM dispenser drivers, a patched KDIAG tool, and a USB GPRS modem that provided remote access connection. Subsequently the cybercriminals returned to use the ATM, while an accomplice remotely connected to the toolkit instructed the dispenser to issue cash.

References:
[1] KoffeyMaker: notebook vs. ATM

Ensign InfoSecurity Singapore
6 Commonwealth Lane
Singapore 149547

Tel: +65 6788 2882
Fax: +65 6788 3883