This article is more than 1 year old

Metel malware pops bank, triggers 15 percent swing in Russian Ruble

ATM hacking tool used to place $500 million in orders.

Hackers caused the Russian Ruble to swing 15 per cent in minutes by hacking a bank with a newly-discovered and highly capable malware.

The "Metel" or "Corkow" malware was used to break into the Kazan-based Energobank and place on its behalf some US$500 million (£344 million, A$702 million) in orders, sufficient to swing currency markets and trigger an investigation by the Russian Central Bank.

The attack caused a 14 minute swing between 55 and 66 rubles per dollar that was markedly different from the normal rate, the Russian Central Bank said in a statement (Russian).

It caused the bank to reportedly lose 244 million rubles (US$3.2 million, £2.2 million, A$4.5 million)

Group-IB told Bloomberg there is no evidence the hackers profited from the attacks that may have been a test for further assaults.

"This is the first documented attack using this virus and it has potential to do much more damage," Group-IB’s intelligence head Dmitry Volkov said.

Metel has infected some 250,000 machines and an estimated 100 financial institutions, according to Russian forensics firm Group-IB.

Russian security firm Kaspersky reported the malware was used in complex ATM raids against banks in that country.

Metel had served as a beachhead into bank networks allowing hackers back at based to reverse ATM transactions as partners on the street withdrew cash from the machines.

One bank lost tens of thousands of dollars in a single night of ATM hopper draining. ®

More about


Send us news

Other stories you might like