Researchers have discovered new malware that lets criminals empty an ATM after entering the correct PIN. In recent years, several malware specimens have been found that can steal money from ATMs. The newly discovered Green Dispenser malware, however, is designed to leave no trace after the theft.
The malware is equipped with an effective removal process, says digital security company Proofpoint. Installing Green Dispenser likely requires physical access to the ATM, and Proofpoint does not rule out that employees responsible for the security or control of the machine also play a role in infections. Once installed, Green Dispenser operates like other ATM malware, but it also has several distinct features.
For example, the malware works only if the year is 2015 and the month is earlier than September. In addition, a kind of two-factor authentication is applied: two PINs are required to access the malware, a fixed PIN and a dynamic PIN. The second PIN is obtained by scanning a QR code on the screen of the infected ATM. Only authorized people can empty the machine in this way. The malware can also display an "out of service" message.
Another feature that stands out is how the malware deletes itself after the theft. For this it uses SDelete, a Microsoft program for permanently deleting data. So far Green Dispenser has been observed only in Mexico, but that may change, according to Thoufique Haq of Proofpoint. "While current attacks are limited to certain geographical areas such as Mexico, it is only a matter of time before these techniques are used worldwide."
Hashes(SHA256):