"FASTCash" is Not a "Linux" Thing, It Was Merely Extended to Also Have a Variant for Already-Compromised Ubuntu 22.04

posted by Roy Schestowitz on Oct 18, 2024

Johnny Cash museum sign at Nashville, Tennessee

SOME days ago we spotted and took note of this article from a Microsoft-connected site. We thought it was safe to ignore because it was just one piece; it seems like overhyped (or dramatised, anti-Linux) "reporting" that wrongly attributes to Linux something that can merely run on some old version of it, and we didn't want to give it undeserved attention. A quick rebuttal in editorial comments is typically enough. But hours later we saw lots of this in "news" sites, typically citing the Microsoft-connected site, e.g. [1-7].

An associate explained that "it is part of a trend of disparaging "Linux" and OSS in general. As mentioned earlier [previous articles, too] it is very likely to accompany the lobbying taking place at the moment in DC."

"Same for the push for 'passkeys' and other proprietary gimmicks, all of which increase surveillance and reduce options -- especially FOSS options. Andy wrote about this last month."

From what we can gather, all the articles below basically say that there is some bit of malicious software and it can be executed in several operating systems. Recently it was also seen executed on Ubuntu 22.04, but that does not mean that this software can just break into Ubuntu 22.04. It's most likely the case that some weak password, misconfiguration or badly out-of-date software lets someone get in, then install the malware.

Is that the fault of Linux? No. But notice these daunting headlines.

Related/contextual items from the news:

  1. North Korean hackers utilizing Linux tool to hack ATMs

    North Korean hackers are using a new tool to steal cash from ATMs: a Linux variant of FASTCash malware. This malware has been used in some form since 2016 and has stolen tens of millions of dollars in cash through unauthorized withdrawals at ATMs, according to a report by Bleeping Computer.

  2. A new Linux variant of FASTCash malware targets financial systems

    North Korea-linked actors deploy a new Linux variant of FASTCash malware to target financial systems, researcher HaxRob revealed.

    The cybersecurity researcher HaxRob analyzed a new variant of the FASTCash “payment switch” malware which targets Linux systems. The variant discovered by the researcher was previously unknown and targets Ubuntu 22.04 LTS distributions.

  3. North Korean hackers use newly discovered Linux malware to raid ATMs

    In the beginning, North Korean hackers compromised the banking infrastructure running AIX, IBM’s proprietary version of Unix. Next, they hacked infrastructure running Windows. Now, the state-backed bank robbers have expanded their repertoire to include Linux.

    The malware, tracked under the name FASTCash, is a remote access tool that gets installed on payment switches inside compromised networks that handle payment card transactions. The US Cybersecurity and Infrastructure Security Agency first warned of FASTCash in 2018 in an advisory that said the malware was infecting AIX-powered switches inside retail payment networks. In 2020, the agency updated its guidance to report FASTCash was now infecting switches running Windows as well. Besides embracing Windows, FASTCash had also expanded its net to include not just switches for retail payments but those handled by regional interbank payment processors as well.

  4. North Korea Hackers Get Cash Fast in Linux Cyber Heists

    North Korean threat actors are using a Linux variant from a malware family known as "FASTCash" to conduct a financially motivated cyber campaign.

  5. A new Linux-based FASTCash malware steals money from ATMs

    The new FASTCash malware has a new variant for Linux that helps North Korean hackers breach ATMs and execute unauthorised money withdrawals.

    According to reports, previous malware versions could only target IBM and Windows computers, but a new variant has emerged that can target the Ubuntu 22.04 LTS distributions.

  6. North Korean Hackers Deploy Linux FASTCash Malware for ATM Cashouts

    North Korean hackers target Linux-based payment switches with new FASTCash malware, enabling ATM cashouts. Secure your financial infrastructure and protect against these sophisticated attacks with expert cybersecurity solutions.

  7. FASTCash GNU/Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems

    As malware threats evolve to increasingly target GNU/Linux systems, admins and organizations must stay up-to-date on the latest GNU/Linux malware variants and strategies for detecting and preventing attacks. Security researcher HaxRob recently discovered a new GNU/Linux variant of the FASTCash malware, which targets payment switches to enable unauthorized ATM withdrawals.
