Hackers Steal Over $1.6 Million in Crypto

Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software.

“The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using ‘batm’ user privileges,” the company said in an advisory published over the weekend.

The company said that the server to which the malicious Java application was uploaded was by default configured to start applications present in the deployment folder (“/batm/app/admin/standalone/deployments/”).
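Because the server starts whatever sits in that folder, comparing its contents against a known-good baseline is a direct way to spot a deployment nobody intended. The sketch below is an added example, not code from General Bytes or its advisory; the baseline approach, the function names and the sample file names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Folder named in the advisory; the server starts applications found here.
DEPLOY_DIR = "/batm/app/admin/standalone/deployments/"

def sha256_file(path):
    """Hash a file in chunks so large archives do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(deploy_dir):
    """Map relative path -> SHA-256 for every file under deploy_dir."""
    result = {}
    for root, _dirs, files in os.walk(deploy_dir):
        for name in files:
            full = os.path.join(root, name)
            result[os.path.relpath(full, deploy_dir)] = sha256_file(full)
    return result

def audit(deploy_dir, baseline):
    """Return (unexpected, modified, missing) relative to a trusted baseline."""
    current = snapshot(deploy_dir)
    unexpected = sorted(p for p in current if p not in baseline)
    modified = sorted(p for p in current
                      if p in baseline and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    return unexpected, modified, missing

def demo():
    # Constructed sample: a temp folder stands in for DEPLOY_DIR and the
    # file names are made up for this example.
    with tempfile.TemporaryDirectory() as folder:
        known = os.path.join(folder, "known-app.war")
        with open(known, "wb") as handle:
            handle.write(b"vendor build")
        baseline = snapshot(folder)  # taken while the server is known-good
        with open(os.path.join(folder, "uploaded.jar"), "wb") as handle:
            handle.write(b"not in baseline")
        with open(known, "ab") as handle:
            handle.write(b" tampered")
        return audit(folder, baseline)

if __name__ == "__main__":
    print(demo())
```

On a real server the baseline would be captured right after a trusted install or patch and stored off the host, then `audit(DEPLOY_DIR, baseline)` run on a schedule.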

In addition to urging customers to keep their crypto application servers (CASs) behind a firewall and a VPN, the company also recommends rotating all users’ passwords and API keys to exchanges and hot wallets.

“The CAS security fix is provided in two server patch releases, 20221118.48 and 20230120.44,” General Bytes said in the advisory.

The ATM hack is the second breach targeting General Bytes in less than a year, with another zero-day flaw in its ATM servers exploited to steal crypto from its customers in August 2022.


Source: https://thehackernews.com/