Hackers Stole Money From Israeli Bank Accounts via ATMs, Analysts Claim

Russian cyber security firm says ATMZombie combined sophisticated online attacks with mules who would collect the cash.

Israeli currency, November 25, 2008. Credit: Bloomberg

Israeli bank clients lost hundreds of thousands of dollars in an operation that combined sophisticated computer hacking with the simple tactic of employing local teenagers to physically take cash out of automated teller machines.

The theft, which involved amounts of money never exceeding $750, was revealed over the weekend in a blog post by the Russian cyber security firm Kaspersky Lab. It was done using what researchers dubbed the ATMZombie Trojan because it involved hiring teenagers as mules, or zombies, to collect the money.

“The technique allowed the attackers to stay anonymous and supervise the entire campaign remotely. It also points to a new type of attack, where attackers control residents of a country to operate as an insider and deliver a basic service,” researchers for the company said in a blog post.

Police and the banks — none of which were identified — were alerted to the threat, blocked it and compensated clients who lost money through the scheme, Kaspersky said.

Kaspersky said it first identified the ATMZombie last November and more recently discovered it was being used in a cyberattack campaign focused on Israeli bank accounts. It said the hackers used a phishing campaign, rather than a mass spam emailing, to lure victims, so that each email or link was addressed to a specific victim or bank.

“This requires either very good intelligence-gathering techniques or an insider that can, legitimately or not, get a hold of the list of clients,” the blog said.

According to Kaspersky’s analysis, the Trojan that victims unknowingly downloaded into their computers would wait for the victim to log in to his or her bank account and then steal its credentials. It would then log in on its own using the victim’s name and use the SMS feature to send money to the so-called ATMZombie.

Instead of relying only on direct wire-transfer or trading credentials, the hackers exploited a loophole in one of the bank’s online features and used it to have money physically withdrawn from an ATM by a mule who likely had no idea he or she was part of a larger scheme.

The mules, who likely were paid a small percentage of the stolen cash for their work, forwarded the money to the hackers via the post office or other channels, Kaspersky said.
