Hackers looking to steal money from ATMs have targeted your credit cards for years, trying to obtain access to it by hacking online services and retail shops. However, since more and more markets including America are adopting more secure payment methods like chip-and-PIN cards and mobile payments, some talented hackers are adapting their game accordingly.
Rather than trying to steal credit cards, clone them and only then try to obtain cash out of ATMs, some people are simply targeting the machines with malware that makes them spit out cash on command.
This isn’t the first time such ATM malicious programs have been discovered, but the level of sophistication is even higher, Computer World reports. Called GreenDispenser, the new program was detected in Mexico, but it’s apparently only a matter of time until similar attacks are found in other countries, security firm Proofpoint believes.
GreenDispenser needs either physical access to the ATM, but once that’s done, hackers can start collecting cash and even erase their traces. With the program active, the ATM will show an error message that says the machine is out of order.
However, the hacker could easily bypass the error by inserting the proper PIN. Once the PIN is entered, a QR code is displayed on the screen, which the hacker needs to scan with a mobile app to proceed. A second, dynamically-generated PIN is then given, which will let the person at the ATM activate the cash dispenser to take out money. The menu also contains an option to erase the malware in a way that securely wipes it so that security companies won’t be able to recover it.