A new Linux variant of the FASTCash malware is being used by North Korean threat actors to steal funds by infiltrating payment switches within compromised networks, allowing unauthorized cash withdrawals from ATMs. FASTCash was originally seen on Windows and IBM AIX systems; the Linux variant was first detected in mid-2023 and is designed to intercept and manipulate transaction messages for fraudulent withdrawals in Turkish Lira. The funds withdrawn per transaction range from $350 to $875, highlighting the need for better detection capabilities in Linux server environments.

New Linux variant of FASTCash malware targets payment switches in ATM heists

The malware was first documented by the U.S. government in 2018, in connection with its use in ATM cashout schemes targeting banks in Africa and Asia. This Linux variant underscores the evolving nature of cyber threats and the importance of staying vigilant against sophisticated malware targeting critical financial infrastructure.
https://thehackernews.com/2024/10/new-linux-variant-of-fastcash-malware.html