Security firm Proofpoint has noticed some instances of a new ATM malware called GreenDispenser. Hackers can empty the whole ATM machine without leaving any trace as the malware uses a deep delete process to erase itself.
Anew type of ATM malware has been detected by security researchers in Mexico. The malware enabled the cybercriminals to take the complete control of the cash dispensing machines.
The security firm Proofpoint has reported that it has noticed some instances of a malware called GreenDispenser that gives a fake error message that reads, “we regret this ATM is temporary of service”. So far the attacks have been centred on Mexico, but the researchers think that it could be easily implemented anywhere in the world.
This ATM malware leaves no trace of its activities as it uses a deep delete process that helps hackers to erase all the tracks of crime.
As the ATMs show the error message, only the hacker can bypass this error and empty all the cash. This malware uses two-factor authentication that could be bypassed using a pin code that has been earlier hard-coded into the system. After this, the hacker uses the smartphone to scan the OR code that is seen on the ATM screen.
This malware is suspected to be an insider’s job as it required physical access to the ATM.
Kevin Epstein, vice president of threat operations for Proofpoint, said, “ATM malware such as GreenDispenser is particularly alarming because it allows cyber criminals to attack financial institutions directly, without the extra steps required to capture credit and debit card information from consumers – and with correspondingly less traceability.”
The GreenDispense ATM malware has a self-destruct mechanism. So, it only works till a certain date and then disappears.
In recent years, ATM malware instances are on the rise. To keep themselves safe from such attacks, financial institutions must re-examine their security layers and consider modern security methods to counter these threats.
Have something to add? Tell us in the comments below.