Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>GreenDispenser ATM Malware Deletes Itself after Each Attack

GreenDispenser ATM Malware Deletes Itself after Each Attack

Security researchers have discovered a new strain of ATM malware known as “GreenDispenser”, designed to allow hackers to completely drain a cash point of money and leave virtually no trace of how they did it. GreenDispenser is similar to the Padpin Trojan discovered a couple of years ago, but with a few key differences. It is coded to run only if the date is earlier than September 2015, which indicates that that GreenDispenser was employed in a limited operation and designed to deactivate itself to avoid detection. The malware is also designed to require a static hardcoded PIN to authenticate the attacker. It then features a second dynamic PIN unique to each run of the malware. GreenDispenser can only be installed on an ATM with physical access, which could indicate that security staff or other banking personnel have colluded with the hackers. It also follows other ATM malware in using the widely adopted XFS middleware to interact with the pinpad and cash dispenser. So far, attacks have only been spotted in Mexico but security experts argued that this technique would not take long to be used in ATM malware campaigns worldwide.
Info Security Magazine
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis