A recent malware known as Tyupkin and Padpin has been discovered by Europol, which is being used by attackers to conduct a new type of attack which is commonly being known as "jackpotting attacks". This malware was first analyzed in 2014 by the Kaspersky labs since its presence was noted in more than 50 machines in eastern europe. It is known for its capability to enable its operators to withdraw money from ATMs without cards.
Romania's Directorate for Investigating Organised Crime and Terrorism (DIICOT) stated that the arrested individual are under suspicion of establishing an organised criminal group, illegally accessing computer systems, causing computer fraud, disrupting information systems, alternating data integrity, operating devices and software illegally and destructing property.
A damage of approximately $217,000 is claimed to have caused by the suspects, residents of Romania and the Republic of Moldova. A group, led by the Moldovan national Solozabal Cuartero Rodion and Romanian national Mihaila Sorin, have been targeting various ATMs in Europian countries, primarily Romania, Hungary, the Czech Republic, Spain and Russia, as reported by the Romanian prosecutors.
The group set a characteristic method of dispensing cash in small transactions of $1000 rather than sweeping the machines in one go. Once the machine dispenses all the cash, the malware would automatically be removed from the machine. Since these attacks cause serious harm to the ATMs, European ATM Security Team (EAST) and Europol had published certain guidelines last year to help the members of law enforcement and the industry to counter the threat and in September, the security firms started reporting two new malware families. One of these, known as GreenDispense, is found similar to Tyupkin as it uses the machine's PIN pad to empty the vault. The other, called Suceful, acts as a captor for cards inserted by cardholders into ATMs.