Skip to main content

Thieves can steal cash by texting an ATM with latest malware

atm malware thieves
In 1983’s largely forgettable and campy Superman III, Richard Pryor’s “hacker” character makes cash spew out of a comically ancient ATM machine. In 1991’s Terminator 2: Judgement Day, Edward Furlong’s John Connor character hacked an ATM with an ATARI, and a whole new generation of hacker dreams were born. At last, finally, someone pulled off the inevitable by creating malware that targets ATMs, and the payoff is cold hard cash — on demand.

This malware was first detected in the wild by Proofpoint, a security firm that found it in Mexico. The culprit is known as GreenDispenser, and like much ATM malware, it infects the target machines through a boot-enabled CD-ROM drive. The exploit is a piece of middleware that is installed by a number of ATM vendors. With just a few commands, the thief can empty an entire machine. After the heist, the malware deletes itself, seemingly in order to evade detection.

Text to Cash

Like most malware, the schemes involving ATM infections are evolving. For example, a first generation version of GreenDispenser required the hacker to issue special commands through the PIN pad or an external keyboard. The latest version can be controlled via text messages. Once infected and activated, the malware displays a status message on the main ATM screen that says the machine is out of service:


It would seem the thieves don’t want anyone else taking the cash they’ve worked so hard to get.

The industry is on notice; dismissing this as a threat that only affects other countries would be a mistake. Although this exploit was initially found in Mexico, the report describes English messages throughout the latest version. The forces behind this infection are apparently intent on spreading into new territories.

Various malware types have been discovered in recent months, which indicates a very bold escalation in number of attempts, and targeting is underway.  If there is any good news in these developments, it would have to be that thus far, the infections require privileged physical access to the system. In other words, ATMs can only be infected with assistance — or as they say in television detective dramas, “someone on the inside.”

ProofPoint advises:

ATM malware continues to evolve, with the addition of stealthier features and the ability to target ATM hardware from multiple vendors. While current attacks have been limited to certain geographical regions such as Mexico, it is only a matter a time before these techniques are abused across the globe. We believe we are seeing the dawn of a new criminal industry targeting ATMs with only more to come. In order to stay ahead of attackers financial entities should reexamine existing legacy security layers and consider deploying modern security measures to thwart these threats.

Consumers should practice awareness at all times and report if they see anything suspicious.

Editors' Recommendations

John Casaretto
Former Digital Trends Contributor
John is the founder of the security company BlackCert, a provider of SSL digital certificates and encryption products. A…
Just hovering over a link in PowerPoint can now infect your system with malware

Most often, you need to actually click on a link or run a program in order to get infected with a virus or other malware. Sometimes, however, black hat hackers figure out a way to infect a machine without the user doing anything at all.

That is the case with a new PowerPoint malware, which was discovered security company Trend Micro. This particular attack merely needs users to hover over a link with their mice in order to install a banking Trojan that has remote access, network traffic monitoring, information access, and other nefarious capabilities.

Read more
Snake, the latest MacOS malware, makes its way over from Windows

Increasingly, the idea that MacOS does not suffer from the same malware threats as Windows is going out the window. MacOS suffers from some of the same kinds of attacks which make their way over from Windows.

One recently discovered example of a cross-platform attack is a fake Adobe Flash Player installer that bypasses the Gatekeeper feature introduced in MacOS Lion. Dubbed "Snake," the malware injects malicious backdoor files into the MacOS file system, makes them persistent, and then uses them to access and pass along sensitive materials, the Fox-IT blog reports.

Read more
This new Mac malware freezes your computer with email drafts
mac malware dos email drafts malwarebytes mail

A new form of malware is targeting Macs and launching denial-of-service attacks on users by creating multiple email drafts that crash the computer.

The method is simple but devious. According to security company Malwarebytes, which analyzed the malware with the help of researcher @TheWack0lian, it exploits vulnerabilities in the Safari browser and Mail app. Once operating, the malware starts creating countless email drafts, which uses up tons of memory and causes the computer to freeze.

Read more