Bank Employee Plants Malware on ATMs

A Bank of America employee has been charged with installing malware on ATMs in North Carolina. The employee, who was a member of the bank’s IT staff, was able to withdraw cash without leaving transaction records from the ATMs over the course of 7 months during 2009.

The charges were filed the same day that credit card company Visa warned the banking industry that Eastern European ATM malware recently showed up in America for the first time. That code, initially spotted last year on some 20 ATMs in Russia and Ukraine, was designed primarily to capture PINs and bank card magstripe data, but also allowed thieves to instruct the machine to eject whatever cash was still in it… At least 16 versions of the East European malware have been found so far and were designed to attack ATMs made by Diebold and NCR, according to the April 1 Visa alert. There is no information tying the malware found in Russia with the malware allegedly used by Caverly.

Further details available at Wired’s Threat Level