A fresh strain of ATM malware dubbed GreenDispenser is being used by hackers to drain cash from infected machines, according to researchers at security firm Proofpoint. Once installed, the malware can display an “out of service” message on the ATM, yet attackers remain able to enter a specific PIN to drain money from the machine and even erase the malware by using a “deep delete” process. Evidence suggests that GreenDispenser, which so far has only affected ATMs in Mexico and India, has to be installed manually. “Initial malware installation likely requires physical access to the ATM, raising questions of compromised physical security or personnel,” Thoufique Haq, threat researcher at Proofpoint, wrote in a blog post. The malware seems to be operated by hackers with the help of a mobile application, using a QR reader to generate a PIN that is then used to access the machine.