The Suceful Malware is not your typical everyday virus. In fact it is a brand creation that is unique in the fact of essentially being the first multi-vendor ATM targeted virus. Do not let the name fool you – Suceful is very dangerous and was named after a piece of code misspelled by the creators of the virus and upon anti-malware researchers stumbled upon.

Suceful targets the XFS Manager present in all ATM machines

The XFS Manager software component is responsible for communication between ATMs and vendors and thus it makes a lot of sense for Suceful to target it. It is, however, not the only target of the virus. Infected DLL files will be injected into the command sequence of the files that operate the basic functions of the ATM. From there Suceful obtains root access to all functions of the ATM and from that point basically anything is possible.

ATMs infected by  this virus are even susceptible to reprogramming and control from the PIN pad – a fact that greatly helps the thieves that use Suceful. The malware is able to record all data related to inserted credit cards – credit and debit data, payment account details and IDs, PIN passwords as they are entered. It is even capable of suppressing the in-built alarms that come with every ATM. Suceful is also able to trigger the card-withholding mechanism and block the user’s credit card in the device. This technique is usually utilized by thieves, which operate locally. They are able to immediately obtain the card and use the data stolen by Suceful to drain it of money. Needless to say that is the most direct and dangerous approach taken by the criminals. A much smarter approach would be to store the data and drain it online from a safe location. Because of this remember that if a card has been through a device infected by Suceful the PIN should be immediately changed with the help of another ATM not infected by this virus.

Method of spreading

It is too early in the life cycle of the virus to exactly determine how it propagates, but all research so far indicate that it uses corrupted USBs. Suceful can lie dormant within a data storage unit for an extended amount of time and infect all other data storages that come in contact with the USB device. As soon as it connects to a computer hooked to an ATM machine the virus will trigger itself and infect the XFS Manager and thus also the ATM.

Suceful is very dangerous and should be dealt with quickly and efficiently. All people who have used their cards on devices infected by Suceful should be informed of the danger and they should immediately block their accounts and change the PIN from an un-infected device. All USB devices that have come in contact with an infected ATM or it’s survice computer need to be scanned for malware and/or formatted if possible.


Type Trojan
Detection Tool

Remove SUCEFUL Malware

Search Marquis is a high-profile hijacker – you might want to see if you’re not infected with it as well.
You can find the removal guide here.


About the author

Violet George

Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

Leave a Comment