Hackers Stole Money From Israeli Bank Accounts via ATMs, Analysts Claim

Russian cyber security firm says ATMZombie combined sophisticated online attacks with mules who would collect the cash.

Israeli currency, November 25, 2008. Credit: Bloomberg

Israeli bank clients lost hundreds of thousands of dollars in an operation that combined sophisticated computer hacking with the simple tactic of employing local teenagers to physically take cash out of automated teller machines.

The theft, which involved amounts of money never exceeding $750, was revealed over the weekend in a blog post by the Russian cyber security firm Kaspersky Lab. It was done using what researchers dubbed the ATMZombie Trojan because it involved hiring teenagers as mules, or zombies, to collect the money.

“The technique allowed the attackers to stay anonymous and supervise the entire campaign remotely. It also points to a new type of attack, where attackers control residents of a country to operate as an insider and deliver a basic service,” researchers for the company said in a blog post.

Police and the banks — none of which were identified — were alerted to the threat, blocked it and compensated clients who lost money through the scheme, Kaspersky said.

Kaspersky said it first identified the ATMZombie last November and more recently discovered it was being used in a cyberattack campaign focused on Israeli bank accounts. It said the hackers used a phishing campaign, rather than mass spam emailing, to lure victims, so that each email or link was addressed to a specific victim or bank.

“This requires either very good intelligence-gathering techniques or an insider that can, legitimately or not, get a hold of the list of clients,” the blog said.

According to Kaspersky’s analysis, the Trojan that victims unknowingly downloaded into their computers would wait for the victim to log in to his or her bank account and then steal its credentials. It would then log in on its own using the victim’s name and use the SMS feature to send money to the so-called ATMZombie.

Instead of relying only on direct wire-transfer or trading credentials, the hackers exploited a loophole in one of the bank’s online features and used it to have the money physically withdrawn from an ATM by a mule who likely had no idea he or she was part of a larger scheme.

The mules, who likely were paid a small percentage of the stolen cash for their work, forwarded the money to the hackers via the post office or other channels, Kaspersky said.
