Skip to content

New ATM Malware ‘FiXS’ Emerges “Unlock the Power of Positive Thinking: Transform Your Life!”

Cybersecurity company Metabase Q has documented a new malware family targeting ATMs in Latin America. Dubbed FiXS and containing Russian metadata, the threat is currently targeting banks in Mexico, but has been found to be vendor-agnostic and able to work on any ATM that supports CEN XFS.

The malware is deployed embedded in a dropper that decodes the malware with XOR instruction and stores it in the system’s temporary directory. FiXS is then executed via the ShellExecute Windows API and, once running, is capable of displaying the numbers of bills in each cassette, in the recycle bin, and in the rejected bin. The malicious code also instructs the infected machine to dispense money 30 minutes after the last reboot.

Given that FiXS requires physical access and an external keyboard, it is believed that cybercriminals are using mules to retrieve the money shortly after the malware’s installation. As such, Metabase Q urges banks and financial institutions to reduce the Time to Detect and Response to these types of threats in order to mitigate the risk of attacks.

In conclusion, the new FiXS ATM malware is a sophisticated threat that targets banks in Latin America, potentially allowing criminals to steal money from ATMs. As such, it is essential for organizations to take measures to detect and respond to this type of attack quickly and effectively.

Key Points:
• Metabase Q has documented a new malware family targeting ATMs in Latin America
• FiXS requires physical access and an external keyboard, and is vendor-agnostic
• The malware is deployed embedded in a dropper that decodes the malicious code with XOR instruction
• FiXS instructs the infected machine to dispense money 30 minutes after the last reboot
• Metabase Q urges banks and financial institutions to reduce the Time to Detect and Response to these types of threats

Leave a Reply

Your email address will not be published. Required fields are marked *