GreenDispenser ATM malware found in the wild, stealing cash from banks



Banks have another security headache on their hands, as ATM-infecting malware is becoming increasingly sophisticated in its attempt to help criminals audaciously empty out cash machines on the high street on demand, without having to have previously stolen the payment cards of legitimate customers.
Dubbed GreenDispenser by researchers at Proofpoint, the new malware targeting ATMs allows thieves to extract large amounts of money from cash machines, while using sneaky techniques to avoid detection.
Here’s how GreenDispenser works.

Firstly, the ATM needs to be infected by the GreenDispenser malware. This would most likely require the attackers to have unrestricted physical access to the device, or assistance from bank employees.
Earlier this month, security blogger Brian Krebs wrote a series of articles about what he claimed was an organised crime gang bribing ATM technicians into meddling with the cash machines in and around Cancun, Mexico.
But once the malware is in place on the ATM, an “out of service” message is displayed – preventing any law-abiding members of the public from withdrawing any money, which might lessen the haul for the hackers.

So, how does a criminal extract cash from an “out of service” ATM? Well, all they need to do is enter a hardcoded authorisation PIN code to give them special access to the system.
Remarkably, possibly to prevent others from abusing the PIN code if it is shared indiscreetly (there’s no honour amongst thieves it seems), the malware includes a two-factor authentication feature to verify that the person entering the PIN code is who they claim to be. That’s better security than any legitimate bank customer gets when they use an ATM!
With the initial hardcoded PIN entered, the ATM thief is presented with a QR code that can be scanned with a smartphone app. This then generates a second PIN, which unlocks an ATM menu screen, revealing options to dispense cash or even securely erase the malware from the ATM in a bid to prevent analysis by security researchers.

Malware infecting ATMs is, sadly, nothing new, and this blog has reported numerous times in the past on gangs who have stolen millions of dollars after installing malware that helps them scoop up card details of ATM users or even empty cash out of banks’ cash machines right there on the high street.
The researchers at Proofpoint say that GreenDispenser is thought to have been found in “certain geographic regions such as Mexico”, but the fear is that if it continues to prove fruitful for the criminals, new versions of the malware could be used against banks worldwide. It certainly wouldn’t be a surprise – Tyupkin, another strain of ATM malware that GreenDispenser appears to be related to, has been seen in several countries around the world.
Tim Erlin, Tripwire’s director of IT security and risk strategy, told the press earlier this month after the discovery of a further sample of malware that it pays to be cautious before sticking your payment card in a hole in the wall:
“Embedded systems, like ATMs and point-of-sale devices, present unique challenges for information security, and unique opportunities for attackers. We’re fast approaching a situation where consumers need to have a healthy scepticism for security of the devices into which they stick their cards.”
He’s right, of course. But malware like GreenDispenser isn’t interested in bank customers’ credit card details – because it steals directly from the banks. And while attacks like this continue to succeed, you have to suspect that more and more criminals will waltz around the middle-man, and go directly to where the money is.
Bank security teams need to keep on top of the latest tricks used by ATM-infecting malware, and look long and hard at their security to ensure that no-one inside their organisation could be giving ATM hackers a helping hand.
