Thieves can steal cash by texting an ATM with latest malware

In 1983’s largely forgettable and campy Superman III, Richard Pryor’s “hacker” character makes cash spew out of a comically ancient ATM. In 1991’s Terminator 2: Judgment Day, Edward Furlong’s John Connor character hacked an ATM with an Atari, and a whole new generation of hacker dreams was born. At last, someone has pulled off the inevitable by creating malware that targets ATMs, and the payoff is cold hard cash, on demand.

This malware was first detected in the wild by Proofpoint, a security firm that found it in Mexico. The culprit is known as GreenDispenser, and like much ATM malware, it infects the target machines through a boot-enabled CD-ROM drive. The exploit is a piece of middleware that is installed by a number of ATM vendors. With just a few commands, the thief can empty an entire machine. After the heist, the malware deletes itself, seemingly in order to evade detection.

Text to Cash

Like most malware, the schemes involving ATM infections are evolving. For example, a first-generation version of GreenDispenser required the hacker to issue special commands through the PIN pad or an external keyboard. The latest version can be controlled via text messages. Once infected and activated, the malware displays a status message on the main ATM screen that says the machine is out of service:

[Image: the out-of-service message GreenDispenser displays on the ATM screen]

It would seem the thieves don’t want anyone else taking the cash they’ve worked so hard to get.

The industry is on notice; dismissing this as a threat that only affects other countries would be a mistake. Although this exploit was initially found in Mexico, the report describes English messages throughout the latest version. The forces behind this infection are apparently intent on spreading into new territories.

Various malware types have been discovered in recent months, which indicates a very bold escalation in the number of attempts and that targeting is underway. If there is any good news in these developments, it would have to be that thus far, the infections require privileged physical access to the system. In other words, ATMs can only be infected with assistance, or as they say in television detective dramas, “someone on the inside.”

Proofpoint advises:

ATM malware continues to evolve, with the addition of stealthier features and the ability to target ATM hardware from multiple vendors. While current attacks have been limited to certain geographical regions such as Mexico, it is only a matter of time before these techniques are abused across the globe. We believe we are seeing the dawn of a new criminal industry targeting ATMs with only more to come. In order to stay ahead of attackers, financial entities should reexamine existing legacy security layers and consider deploying modern security measures to thwart these threats.

Consumers should practice awareness at all times and report if they see anything suspicious.

John Casaretto
Former Digital Trends Contributor
John is the founder of the security company BlackCert, a provider of SSL digital certificates and encryption products. A…