A new ATM malware strain called FiXS has been detected attacking Mexican banks since the beginning of February 2023.
Latin American cybersecurity firm Metabase Q reported that the ATM malware is concealed within another program that appears to be non-malicious.
FiXS is vendor-agnostic and can infect any teller machine that supports CEN/XFS. It shares characteristics with Ploutus, another strain of ATM malware, which enables cybercriminals to extract cash from ATMs by sending an SMS or using an external keyboard.
One distinctive feature of FiXS is that it dispenses money 30 minutes after the last ATM reboot, which it times using the Windows GetTickCount API (the call reports the time elapsed since the system started). The malware is implemented with the CEN XFS APIs, so it can run on most Windows-based ATMs with minor modifications, and it communicates with cybercriminals via an external keyboard.
Cybercriminals have the same objective of dispensing cash, whether they compromise networks or attack through physical access.
Malware families such as Ploutus, Prilex, SUCEFUL, GreenDispenser, RIPPER, Alice, ATMitch, Skimer, and ATMii have targeted ATMs to siphon money, and Prilex has even evolved into modular point-of-sale (PoS) malware that performs credit card fraud.