FASTCash, the malware used by Lazarus to steal millions of ATMs

The multinational company Symantec has published the results of its investigation into the wave of financial attacks perpetrated by Lazarus, which it carried out following an alert issued by US-CERT on these activities, stating that the group had been stealing money from ATMs in Asian and African banks, through FASTCash attacks, since at least 2016.

According to the report, in order to perform the fraudulent extraction of money, Lazarus first breaks the networks of the target banks and compromises the application servers that handle the ATM transactions, and then deploys the malware (Trojan.Fastcash) that will intercept the fraudulent requests and send false approval responses allowing the theft of money.

With this method, according to the U.S. government's alert, in one incident in 2017, cash was withdrawn from ATMs in more than 30 different countries simultaneously, while another incident in 2018 affected 23 countries. To date, Operation FASTCash is estimated to have stolen tens of millions of dollars.