Thursday, September 24, 2015
GreenDispenser ATM malware with added 2FA
What if you could just walk up to an ATM and rob the bank right there? What if you also used two-factor authentication to stop other robbers from doing the same? That’s what Proofpoint researchers have discovered is happening with GreenDispenser ATM malware.

Proofpoint researchers have published details of a new ATM malware campaign that they have called GreenDispenser. This works in much the same way, in that it requires physical access to install and enables a thief to walk up, type in, and walk away with cash. Lots of cash. GreenDispenser-infected machines will display an out of service message, but the attacker can bypass this by entering the right codes. Even better for the thief, and a lot worse for the machine provider, the whole process can be wiped using a ‘deep delete’ system that leaves little for investigators to trace back.

Currently the attacks appear to be limited mainly to Mexico, although India is implicated as well. The malware appears to be able to target hardware from multiple vendors, as long as they use the XFS standard adopted by large numbers of them.