Malware blamed for ATM thefts in Mexico and Ukraine

PETALING JAYA, Malaysia - At least two malicious computer programs, or malware, that target automated teller machines (ATMs) have been detected since last year, with one of them blamed for a string of ATM thefts in Mexico and Ukraine.

Malaysian police have not revealed the malware they suspect was used by thieves to infect 18 ATMs nationwide over the past three days, resulting in the loss of more than RM3 million (S$1.1 billion).

The police explanation of how the thieves took control of the machines suggests that either malware program may have been used.

The first, Backdoor.Ploutus, was detected on Sept 4 last year, while the second, Backdoor.Padpin, was discovered on May 9, according to antivirus firm Symantec's threat listing website.

Both are trojan programs, a type of malware that secretly carries out certain actions in the infected computer when activated.

Police said the thieves inserted a CD-ROM into each of the machines and launched the "ulssm.exe" file, which infects the ATM.

They then entered a code using the ATM's keypad that enabled them to withdraw the cash from the machine.

Backdoor.Padpin creates the "ulssm.exe" file in the infected ATM as one of the steps to take control of the machine.

Backdoor.Ploutus allows an attacker to control an ATM using a mobile phone connected to the machine.