BANGKOK (Reuters) - Thai police investigators on Wednesday (Aug 31) said they are seeking a Russian man suspected of using malware to withdraw 12 million baht (S$473,000) from dozens of cash machines across the country.
Police earlier said a group of foreign hackers made off with around the cash by inserting cards installed with malware into at least 18 cash machines run by Thailand's state-run Government Savings Bank in July.
It follows similar attacks in Taiwan in July, which saw thieves withdraw more than US$2 million from First Bank ATMs, and is part of growing attacks on ATMs across Asia. "We have a warrant for a 29-year-old man from Russia but from our investigations at least another two are involved," Thai Police General Panya Mamen told reporters.
"He travelled from Beijing, China, and came to Thailand on July 14 and withdrew money in ATMs in Phuket and Bangkok, altogether in 18 locations, before flying out to Moscow," said Panya, adding that police have not yet arrested the suspect.
The Government Savings Bank said customers' money was not affected by the thefts.
FireEye, a California-based cyber security company, said in a statement last Friday that it had detected a potentially new ATM malware sample that may be linked to the Thailand attacks.
The malware, dubbed Ripper, interacts with the ATM by inserting a specially manufactured ATM card with a chip that serves as an authentication mechanism, the security firm said.
"We've identified a family of malware that may have been used in recent ATM robberies," said FireEye. "In addition to requiring technical sophistication, attacks such as that affecting the ATMs in Thailand require coordination of both the virtual and the physical. This speaks to the formidable nature of the thieves."
Thailand has long been a hub for both Thai and foreign cyber criminals.