Proofpoint researchers have discovered a variant of the ATM malware GreenDispenser that allows an attacker to walk up to an infected cash machine and drain it.
GreenDispenser may display an 'out of service' message on the ATM when it is installed. Attackers who enter the correct PINs can take the cash from the ATM and then remove GreenDispenser using a delete process that leaves little to no trace of how the ATM was attacked.
Initial installation of the malware usually requires physical access to the ATM, which raises questions of compromised physical security or personnel. GreenDispenser is comparable to Padpin but has some unique functions, including date-limited operation and a form of two-factor authentication.
The malware samples inspected by Proofpoint were coded to run only during months prior to September 2015, which suggests that GreenDispenser was used in a limited operation and was built to deactivate itself in order to avoid detection.
The research found that current attacks have been limited to specific geographical regions such as Mexico, but Proofpoint believes it is only a matter of time before these techniques are abused worldwide.
To stay ahead of attackers, Proofpoint suggests that financial businesses review their existing security immediately.