Bank ATMs are being targeted by a new type of malware that has security researchers puzzled. Alice, as this malicious software is called, was recently discovered by Trend Micro. What is rather intriguing is how the malware is not packed with bells and whistles, which makes its objective very clear: emptying bank ATMs of all cash.
ALICE BANK ATM MALWARE IS WORRISOME
Malicious software targeting bank ATMs is nothing new under the sun. Criminals and hackers have noticed that this can be quite a lucrative business, and new versions of ATM malware are created on a regular basis. Alice, the latest strain of malicious software targeting these devices, is very bare bones. However, it is evident that the developers want to empty every bank teller machine they come across with his new tool.
What is puzzling, however, is how Alice malware has been around since October of 2014, yet had never made any significant impact– that is, as far as security researchers are aware of. Trend Micro has analyzed various similar samples over the years, but most of them are loaded with other functions that make them more appealing to criminals all over the world.
What Alice does is use one function connecting the software to the currency dispenser peripheral inside the teller machine. No other hardware is affected by this malware, which is rather unusual. It is evident that the developers are not intent on recording PIN codes in its current form. Additionally, the malware has no particular installation procedure, making it incredibly difficult to discover.
Deploying this malware requires criminals to physically access the ATM, though, as they will need to infect the system through a USB device or CD-ROM. Plus, they need to connect a keyboard to the machine if they want to operate the malware. This method of attack is anything but inconspicuous, although it would not be the first time that people see engineers working on a bank ATM.
So far, it appears that Alice is compatible with virtually every teller machine manufacturer in the world. It is possible that this malware has been affecting bank ATMs for over two years, even though no samples have ever been found in the wild. Assailants using this malware can enter a four-digit PIN while connected to the motherboard, allowing them to access money-containing cassettes.
Once attackers enter a cassette number, they can trick the ATM into dispensing all of the cash. Even though most teller machines have a 40-note limit, Alice keeps updating the stored cash levels. This gives assailants an overview of when they are hitting the limit. This is a very troublesome development that could have global consequences.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.