Hackers are using a new strain of malware, dubbed GreenDispenser, to infect ATMs and then drain the machine of all its cash, researchers at ProofPoint have revealed.
Once installed, the malware displays an ‘out of service’ message on the ATM. However, these clever attackers can still enter a specific PIN, take the cash and then erase all trace of the malware by using a “deep delete” process, leaving little evidence of how the machine was robbed.
Evidence suggests that GreenDispenser, which so far has only affected ATMs in India and Mexico, has to be installed manually. But ProofPoint believes it is only a matter of time before these techniques are abused across the globe. The malware can target ATM hardware from multiple vendors because it uses the XFS standard, which is widely adopted by ATM vendors.
In a blog posting, the researchers said that the “initial malware installation likely requires physical access to the ATM, raising questions of compromised physical security or personnel. The malware seems to be operated by hackers with the help of a mobile application, using a QR reader to generate a PIN that is then used to access the machine”.