Crypto ATM operator General Bytes said that despite security measures, the company’s Crypto Application Server (CAS) was compromised in a zero-day attack.
General Bytes reported in a blog post that, using the vulnerability, hackers scanned for exposed servers running on TCP ports 7777 or 443, including servers hosted on the company’s own cloud service. The attackers then added themselves as the default administrator with the name “gb” and proceeded to change the “buy” and “sell” settings so that any cryptocurrency received from the ATMs would be transferred to their address.
“The attackers were able to create an admin user remotely through the CAS administrative interface by calling a URL on the page that is used to install the default on the server and create the first admin user,” the blog says.
General Bytes claims that there have been multiple security reviews since its inception in 2020, none of which have identified this vulnerability. It came after the CAS software was updated to version 20201208 on August 18. The company urged customers to refrain from using ATMs until the server was updated to version 20220725.22 or 20220531.38 for customers running on 20220531.
Users were advised to change their server firewall settings so that only authorized IP addresses can access the CAS admin interface. Before reactivating terminals, customers are advised to check the “sale” settings to make sure that hackers have not changed them.
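The checks described above can be scripted before terminals are switched back on. The following is an added example, not General Bytes code: it assumes the operator can export the admin list, the buy/sell settings and recent admin logins into a dictionary, and the field names, wallet labels and IP ranges are hypothetical, constructed values.

```python
import ipaddress

# Operator's known-good baseline (constructed values).
KNOWN_ADMINS = {"alice.ops", "bob.ops"}
KNOWN_WALLETS = {"WALLET-OPERATOR-HOT", "WALLET-OPERATOR-COLD"}
ADMIN_NETWORKS = [ipaddress.ip_network(n)
                  for n in ("203.0.113.0/28", "198.51.100.7/32")]

# Constructed export; the field names are hypothetical, not the real CAS schema.
SAMPLE_EXPORT = {
    "admins": [
        {"name": "alice.ops"},
        {"name": "gb"},
    ],
    "crypto_settings": [
        {"id": 1, "direction": "buy", "destination": "WALLET-OPERATOR-HOT"},
        {"id": 2, "direction": "sell", "destination": "WALLET-UNKNOWN-1"},
    ],
    "admin_logins": [
        {"user": "alice.ops", "source_ip": "203.0.113.5"},
        {"user": "gb", "source_ip": "192.0.2.44"},
    ],
}


def audit(export, known_admins, known_wallets, admin_networks):
    """Return (kind, detail) findings that should block terminal reactivation."""
    findings = []
    # Any admin account the operator did not create is suspect.
    for admin in export["admins"]:
        if admin["name"] not in known_admins:
            findings.append(("unexpected_admin", admin["name"]))
    # Buy/sell settings must only point at the operator's own wallets.
    for setting in export["crypto_settings"]:
        if setting["destination"] not in known_wallets:
            findings.append(("unexpected_destination",
                             f'{setting["direction"]} setting {setting["id"]}'))
    # Admin logins from outside the firewall allowlist show it is not effective.
    for login in export["admin_logins"]:
        ip = ipaddress.ip_address(login["source_ip"])
        if not any(ip in net for net in admin_networks):
            findings.append(("login_outside_allowlist", f'{login["user"]} from {ip}'))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_EXPORT, KNOWN_ADMINS, KNOWN_WALLETS, ADMIN_NETWORKS):
        print(f"{kind}: {detail}")
```

An empty result is the condition for reactivating terminals; any finding means the account, setting or firewall rule needs to be corrected first.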
Recall that in 2018, the Tokyo-based cybersecurity company Trend Micro discovered software for hacking crypto ATMs.
Source: Bits

I’m James Harper, a highly experienced and accomplished news writer for World Stock Market.