Re: WTF!
That struck me as well, but on reading the article, ElReg is wrong: the EMV card is not the infection vector as they mistakenly wrote. It's only the authentication mechanism.
From the original:
"RIPPER interacts with the ATM by inserting a specially manufactured ATM card with an EMV chip that serves as the authentication mechanism. Although this technique was already used by the Skimmer family, it is an uncommon mechanism."
EMV cards do not have the ability to contain the amount of data needed for an infection, let alone to automatically install software on the host.
In fact, the original article does not explain how the ATMs are infected, but the choice of a country with a less-than-stable society could imply some insider help.
Biting the hand that feeds IT
