North Korean hackers are using the ‘FASTCash’ malware, which targets Linux systems, to infiltrate banks and illicitly withdraw money in Turkish currency by modifying ISO 8583 transaction messages. First identified in 2018, the malware has evolved to target banks using Windows servers and interbank payment processors. To prevent exploitation, experts recommend deploying endpoint detection, verifying message authentication codes on financial request responses, and applying chip and PIN transaction validation.
North Korean hackers use newly discovered Linux malware to raid ATMs
The FASTCash malware tampers with switch messages received from card issuers during a financial transaction, changing denials into approvals. The systems targeted often have misconfigurations
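
The MAC check recommended above, sketched as an added example (not code from the article or from any payment vendor): the receiving side recomputes the MAC over the response fields and refuses an approval whose response code no longer matches what the issuer signed. Assumptions: HMAC-SHA256 stands in for the payment network's own MAC algorithm, the set of protected fields is illustrative, and the key and messages are constructed samples.

```python
import hashlib
import hmac

# Constructed demo key; a real MAC key is held in an HSM, never in source code.
MAC_KEY = b"constructed-demo-key"

# ISO 8583 data elements covered by the MAC in this sketch (assumed selection):
# 2 = PAN, 3 = processing code, 4 = amount, 11 = trace number, 39 = response code.
MAC_FIELDS = (2, 3, 4, 11, 39)


def compute_mac(mti, fields, key=MAC_KEY):
    """MAC over the MTI and protected fields, each length-prefixed."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for value in (mti, *(fields.get(n, "") for n in MAC_FIELDS)):
        data = value.encode()
        h.update(len(data).to_bytes(2, "big") + data)
    return h.hexdigest()[:16].upper()  # truncated to 8 bytes, the size of field 64


def issuer_sign(mti, fields):
    """Issuer side: attach the MAC as field 64."""
    signed = dict(fields)
    signed[64] = compute_mac(mti, signed, MAC_KEY)
    return signed


def verify_response(mti, fields, key=MAC_KEY):
    """Receiver side: approve only if the MAC verifies and field 39 is '00'."""
    mac = fields.get(64)
    if mac is None:
        return False, "missing MAC (field 64)"
    if not hmac.compare_digest(mac, compute_mac(mti, fields, key)):
        return False, "MAC mismatch: response altered after signing"
    if fields.get(39) != "00":
        return False, "declined by issuer (response code %s)" % fields.get(39)
    return True, "approved"


# Constructed sample: a cash withdrawal response (MTI 0210).
BASE = {2: "4000000000000002", 3: "010000", 4: "000000050000", 11: "000123"}
approval = issuer_sign("0210", {**BASE, 39: "00"})
decline = issuer_sign("0210", {**BASE, 39: "51"})  # 51 = insufficient funds
tampered = {**decline, 39: "00"}  # response code rewritten, MAC unchanged

if __name__ == "__main__":
    for name, msg in (("approval", approval), ("decline", decline),
                      ("tampered", tampered)):
        print(name, verify_response("0210", msg))
```

A MAC mismatch on a response message is worth alerting on as well as rejecting, since a legitimate issuer reply should never fail this check.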