Bitcoin ATM manufacturer General Bytes has confirmed that it was the victim of a cyber attack that exploited a previously unknown vulnerability in its software to rob users of cryptocurrency.
“An attacker can create a remote admin user through the CAS admin interface via a URL call on the page used to install defaults on the server and create the first admin user,” the company said in an advisory last week. “This vulnerability has been present in the CAS software since version 2020-12-08.”
It was not immediately clear how many servers were compromised using this vulnerability and how much cryptocurrency was stolen.
CAS stands for Crypto Application Server, a self-hosted product from General Bytes that allows companies to manage Bitcoin ATMs (BATMs) from a central location through a web browser on desktop or mobile devices.
The zero-day vulnerability, related to a bug in the CAS administration interface, has been mitigated in two server patches, 20220531.38 and 20220725.22.
General Bytes says an unidentified threat actor located CAS services running on ports 7777 or 443 by scanning the DigitalOcean cloud hosting IP address space, then abused the vulnerability to add a new default admin user named “gb” to CAS.
“The attacker modified the cryptocurrency settings of the two-way machines with his wallet settings and ‘invalid billing address’ settings,” it said. “Two-way ATMs start transferring money to the attacker’s wallet when the customer sends money to [the] ATM.”
In other words, the goal of the attack is to modify the settings in such a way that all funds will be transferred to a digital wallet address under the control of the adversary.
The company also emphasized that it has carried out “multiple security checks” since 2020 and that the flaw was never identified, adding that the attack occurred three days after it publicly announced the “Help Ukraine” feature on its ATMs.