Categories: InfoSec News

Zero-day Abused by Cybercriminals to Steal Crypto from Bitcoin ATMs

Published by
RiSec.Mitch

Malicious actors have taken advantage of a zero-day flaw in General Bytes Bitcoin ATM servers to steal cryptocurrency from clients.

Once a customer deposits or buys bitcoin through the ATM, the funds are instead diverted to the threat actors.

The hardware and software company General Bytes produces Bitcoin ATMs that, depending on the product, let users buy or trade approximately 50 different cryptocurrencies.

The Bitcoin ATMs are managed by a remote Crypto Application Server (CAS), which also oversees the functionality of the ATM, determines what cryptocurrencies are supported, and performs the transactions of bitcoin on exchanges.

How Did the Attack Happen?

A security advisory published by General Bytes last week disclosed that the cyberattacks were carried out by exploiting a zero-day weakness in the bitcoin and blockchain technology provider’s CAS.

The attacker was able to create an admin user remotely through the CAS administrative interface by calling the URL of the page that is used for the server's default installation and for creating the first administrative user. This vulnerability has been present in the CAS software since version 20201208.

General Bytes believes that the attackers scanned the internet for vulnerable servers exposing TCP ports 7777 or 443, including servers hosted at Digital Ocean and on General Bytes' own cloud service.

Following this, the cybercriminals abused the flaw to create a default admin user named “gb” on the CAS and changed the “buy” and “sell” cryptocurrency settings, as well as the “invalid payment address” setting, to point to an attacker-controlled cryptocurrency wallet.

The threat actors changed these settings so that any cryptocurrency collected by the CAS was instead sent to the hackers.

Two-way ATMs started to forward coins to the attacker’s wallet whenever customers sent coins to the ATM.

Customers are being advised by the company not to use their Bitcoin ATMs until two server patch releases—20220531.38 and 20220725.22—have been applied to their servers.

Furthermore, General Bytes offered a checklist of procedures to be performed on the devices before they are returned to normal use.
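As an added, defender-side illustration (this is not General Bytes' code and not part of the advisory's checklist), the following Python script audits a CAS deployment for the three traces the attack described above would leave: a call to the first-install page after installation had already finished, an admin account the operator never created (the article names “gb”), and buy/sell/invalid-payment-address settings pointing at a wallet the operator does not own. The install-page path, the web-server log format, the settings key names and every sample value are constructed assumptions; the real paths and formats are not given in the article.

```python
"""
Added example, not General Bytes' code: a defender-side audit of a CAS
deployment along the lines of the article. It checks the three things the
article says the attackers did on compromised servers:
  1. the first-install page was called after installation had already finished,
  2. an admin account exists that the operator did not create (the article names "gb"),
  3. the buy / sell / invalid-payment-address settings point at wallets the
     operator does not own.
The install-page path, the log format, the settings keys and every sample
value below are constructed assumptions, not the product's real ones.
"""
from __future__ import annotations

import ipaddress
import re
from datetime import datetime, timezone

# Hypothetical path of the first-run installation page (the real path is not on the page).
INSTALL_PAGE = "/install-placeholder"

# Assumed key names for the "buy", "sell" and "invalid payment address" settings.
WALLET_SETTINGS = ("buy_address", "sell_address", "invalid_payment_address")

# Apache/nginx Common Log Format; the CAS's real log format is not given on the page.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_ts(text: str) -> datetime:
    """Parse a CLF timestamp such as 18/Aug/2022:03:14:07 +0000 into an aware datetime."""
    return datetime.strptime(text, "%d/%b/%Y:%H:%M:%S %z")


def find_install_page_hits(log_lines, install_completed_at, trusted_nets, install_path=INSTALL_PAGE):
    """Requests to the install page after installation finished, from outside trusted networks.

    Returns a list of (source_ip, timestamp, status). The first install is done once,
    so any later call to this page from an untrusted address is worth investigating.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(install_path):
            continue  # unparsable line or an unrelated URL
        ts = parse_ts(m["ts"])
        if ts <= install_completed_at:
            continue  # legitimate use during the original installation
        src = ipaddress.ip_address(m["ip"])
        if any(src in net for net in trusted_nets):
            continue  # operator's own management network
        hits.append((m["ip"], ts, int(m["status"])))
    return hits


def unexpected_admins(admins, expected_admins):
    """Admin usernames present on the server that the operator did not create."""
    return sorted({a.lower() for a in admins} - {e.lower() for e in expected_admins})


def wallet_deviations(settings, wallet_allowlist):
    """Payout settings whose wallet address is not on the operator's allowlist."""
    allowed = set(wallet_allowlist)
    return {k: settings[k] for k in WALLET_SETTINGS if k in settings and settings[k] not in allowed}


def audit(log_lines, install_completed_at, trusted_nets, admins, expected_admins, settings, wallet_allowlist):
    """Run all three checks and return the findings as one dictionary."""
    return {
        "install_page_hits": find_install_page_hits(log_lines, install_completed_at, trusted_nets),
        "unexpected_admins": unexpected_admins(admins, expected_admins),
        "wallet_deviations": wallet_deviations(settings, wallet_allowlist),
    }


# --- constructed sample input: documentation-range IP addresses, placeholder wallet strings ---
INSTALL_DONE = datetime(2022, 6, 1, 9, 30, tzinfo=timezone.utc)
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jun/2022:09:00:00 +0000] "GET /install-placeholder HTTP/1.1" 200 512',
    '203.0.113.10 - - [18/Aug/2022:03:14:07 +0000] "POST /install-placeholder HTTP/1.1" 200 88',
    '203.0.113.10 - - [18/Aug/2022:03:14:09 +0000] "GET /admin HTTP/1.1" 200 4096',
    "not a log line",
]
SAMPLE_ADMINS = ["operator", "gb"]
EXPECTED_ADMINS = ["operator"]
SAMPLE_SETTINGS = {
    "buy_address": "WALLET-OPERATOR-PLACEHOLDER",
    "sell_address": "WALLET-UNKNOWN-PLACEHOLDER",
    "invalid_payment_address": "WALLET-UNKNOWN-PLACEHOLDER",
}
WALLET_ALLOWLIST = ["WALLET-OPERATOR-PLACEHOLDER"]

if __name__ == "__main__":
    findings = audit(SAMPLE_LOG, INSTALL_DONE, TRUSTED_NETS, SAMPLE_ADMINS,
                     EXPECTED_ADMINS, SAMPLE_SETTINGS, WALLET_ALLOWLIST)
    for check, finding in findings.items():
        print(f"{check}: {finding}")
```

On the sample data the script reports the single post-installation call to the install page from the untrusted address, the extra “gb” admin, and the two payout settings that were redirected to an unknown wallet. In a real deployment the trusted networks, the expected admin list and the wallet allowlist come from the operator's own records, which is why the audit takes them as parameters rather than guessing.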

Based on data from BinaryEdge, eighteen General Bytes Crypto Application Servers are currently still exposed to the Internet, most of them located in Canada.

It is not known how many servers were compromised using this flaw or how much cryptocurrency was taken.


This post was last modified on 22 August 2022 12:51 PM

RiSec.Mitch

Just your average information security researcher from Delaware US.

Tags: General Bytes zero-day