Saturday, 26 September 2015

Malware Allows Criminals Through Proper Code Empty ATM

Researchers have discovered a new instance of malware that criminals, after entering the correct PIN, the ATM shows empty. In recent years, several malware specimens found that money can be stolen from ATMs. The now discovered Green Dispensing malware is however designed to leave no trace after the theft.

The malware is doted with an effective removal process, says digital security company Proofpoint. To install Green Dispenser is likely to require physical access to the ATM, where Proofpoint does not exclude employees who are responsible for the security or control of the machine also play a role in infections. Once Green Dispenser operates like any ATM malware, but it also has several distinct features.

Thus the malware works only if it is the year 2015 and the month earlier than September. In addition, a kind of two-factor authentication is applied. Indeed, there are two PINs required to access the malware. A fixed PIN and a dynamic PIN. The second PIN is obtained by scanning a QR code on the screen of the infected ATM. Only authorized people can empty the machine in this way. The malware can give an "out of service" message.

Another feature that stands out is how the malware deletes itself after the theft. For this it uses SDelete, a Microsoft program to permanently delete data. Green Dispenser is still observed only in Mexico, but that may change as Thoufique Haq of Proofpoint. "While current attack only to certain geographical areas such as Mexico are limited, it is only a matter of time before these techniques are used worldwide."


No comments:

Post a Comment