ATM malware exhibiting stealthier features and multivendor capability heralds 'the dawn of a new criminal industry targeting ATMs,' says the firm that discovered GreenDispenser.
September 25, 2015
Proofpoint, a provider of cybersecurity solutions, has discovered a new variant of ATM cash-out malware, which it is calling "GreenDispenser."
A blog by Proofpoint said that GreenDispenser allows an attacker to walk up to an infected ATM and, with a series of pinpad entries, direct the machine to dispense all of its cash.
Once this has been accomplished, the attacker initiates a "deep delete" of GreenDispenser, leaving virtually no trace of the malware, the blog said.
As with other known malware variants such as Ploutus and Suceful, GreenDispenser must be physically installed on the machine — usually via thumb drive or CD-ROM.
Also, according to the Proofpoint blog:
GreenDispenser, like its predecessors, interacts with the XFS middleware, which is widely adopted by various ATM vendors. The XFS middleware allows software to interact with the peripherals connected to the ATM, such as the pinpad and the cash dispenser, by referencing the specific peripheral name. ... It achieves this by querying for peripheral names from the registry hive before defaulting to hardcoded peripheral names.
But, the blog noted, GreenDispenser also exhibits new developments, such as two-factor authentication — by static and dynamic PIN — of the individual conducting the cash-out at the ATM, ensuring top-down control of the operation.
Additionally, the malware was programmed to self-delete after September 2015, indicating that it was intended for use in a limited operation.
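The registry lookup described in the quoted passage is also a detection opportunity: on a terminal, only the vendor's XFS manager and the bank's own application should ever resolve XFS peripheral names. The following script is an added example written for this article, not Proofpoint's tooling or any vendor's code. It assumes a constructed registry-audit line format ("<timestamp> <op> image=<path> key=<registry path>"), assumes that XFS logical-service names live under a key ending in \XFS\LOGICAL_SERVICES (the exact root differs between XFS versions), and uses a hypothetical allowlist of legitimate executables.

```python
"""Flag non-allowlisted processes that look up XFS peripheral names in the registry.

Added example for illustration; the log format, key layout and allowlist are
assumptions, not facts taken from the article or from any vendor.
"""
import re
from collections import defaultdict

# Assumption: CEN/XFS keeps its peripheral ("logical service") names under a
# registry key ending in \XFS\LOGICAL_SERVICES; the root varies by XFS version.
XFS_SERVICES_KEY = re.compile(
    r"\\XFS\\LOGICAL_SERVICES(?:\\(?P<service>[^\\]+))?$", re.IGNORECASE
)

# Assumption (hypothetical names): only these executables legitimately resolve
# XFS service names on the terminal (vendor XFS manager, bank ATM application).
ALLOWLIST = {"xfsmanager.exe", "atmapp.exe"}

# Constructed audit line format: "<timestamp> <op> image=<path> key=<registry path>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<op>RegOpenKey|RegQueryValue)\s+"
    r"image=(?P<image>\S+)\s+key=(?P<key>\S+)$"
)

# Constructed sample audit lines: one legitimate lookup by the XFS manager, one
# by the ATM application, and several by an unknown binary dropped in Temp.
SAMPLE_LOG = r"""
2015-09-20T10:01:12Z RegOpenKey image=C:\XFS\bin\xfsmanager.exe key=HKEY_USERS\.DEFAULT\XFS\LOGICAL_SERVICES\CashDispenser
2015-09-20T10:01:13Z RegQueryValue image=C:\Windows\Temp\svch0st.exe key=HKEY_USERS\.DEFAULT\XFS\LOGICAL_SERVICES\CashDispenser
2015-09-20T10:01:13Z RegQueryValue image=C:\Windows\Temp\svch0st.exe key=HKEY_USERS\.DEFAULT\XFS\LOGICAL_SERVICES\Pinpad
2015-09-20T10:02:00Z RegOpenKey image=C:\Bank\atmapp.exe key=HKLM\SOFTWARE\XFS\LOGICAL_SERVICES
2015-09-20T10:02:05Z RegQueryValue image=C:\Windows\Temp\svch0st.exe key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"""


def parse_line(line):
    """Return the fields of one audit line as a dict, or None if it is not a registry event."""
    m = LOG_LINE.match(line.strip())
    return m.groupdict() if m else None


def basename(path):
    """Lower-cased file name of a Windows path, for allowlist comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def find_suspicious(lines, allowlist=ALLOWLIST):
    """Map each non-allowlisted image to the sorted XFS logical services it looked up.

    A lookup of the LOGICAL_SERVICES key itself (no service name) is recorded
    as "<enumeration>", since listing all peripherals is itself noteworthy.
    """
    hits = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        m = XFS_SERVICES_KEY.search(ev["key"])
        if m is None or basename(ev["image"]) in allowlist:
            continue
        hits[ev["image"]].add(m.group("service") or "<enumeration>")
    return {image: sorted(services) for image, services in hits.items()}


if __name__ == "__main__":
    for image, services in find_suspicious(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {image} queried XFS services: {', '.join(services)}")
```

On the constructed sample the only alert is for the binary in C:\Windows\Temp, which touched both the CashDispenser and Pinpad service names; the same rule applied with an empty allowlist also surfaces the legitimate processes, which is how one would baseline a terminal before enabling it.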
Proofpoint concluded:
ATM malware continues to evolve, with the addition of stealthier features and the ability to target ATM hardware from multiple vendors. While current attacks have been limited to certain geographical regions such as Mexico, it is only a matter of time before these techniques are abused across the globe. We believe we are seeing the dawn of a new criminal industry targeting ATMs with only more to come. In order to stay ahead of attackers, financial entities should reexamine existing legacy security layers and consider deploying modern security measures to thwart these threats.