Hackers Exploit Zero-Day Bug, Steal Crypto from Bitcoin ATMs

General Bytes and the Vulnerability

Hackers have abused a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. When customers deposited or bought cryptocurrency via the ATM, the funds were stolen by the hackers.

General Bytes manufactures Bitcoin ATMs that, depending on the product, let people buy or sell more than 40 different cryptocurrencies.

Actors Exploit CAS Zero-day

The Crypto Application Server (CAS) controls the Bitcoin ATMs: it manages each ATM's operations and the cryptocurrencies it supports, and it executes the sales and purchases of cryptocurrency on exchanges.

The attacks were carried out using a zero-day vulnerability in the company's Crypto Application Server (CAS). The attacker created an admin user remotely through the CAS administrative interface, via a URL call on the page that is used for the default installation on the server and for creating the first administration user. The vulnerability has existed in the CAS software since version 20201208.

General Bytes believes that the threat actors scanned the internet for exposed servers running on TCP ports 443 or 7777, including servers hosted at Digital Ocean and on General Bytes' own cloud service.

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents