A newly-discovered form of malware has ATMs spitting out cash, enabling crooks to hoover up the money. The malware, named Alice by researchers at Trend Micro and Europol, has been in circulation since 2014.

Criminals install Alice into an ATM by gaining access to one of the machine’s USB or CD-ROM access ports. Once that’s been accomplished a keyboard is attached so that they can interact with the ATM and launch the malware’s .exe file.

Alice has been equipped with a PIN functionality, meaning that bank staff who discover it can’t get into its inner working without knowing the code. PIN codes have been distributed to money-peddlers on case-by-case basis, says Trend Micro, meaning that the creators would know who used it and where.

The malware connects directly to the ATM’s cash dispensary, through which the attacker can order the ATM to dispense a varying amount of different notes. Alice also features Remote Desktop Protocol capabilities – meaning crooks can access it remotely once they’ve brute-forced their way to knowing a password – but it has never been activated (yet).

[do_widget id=text-34]

by Alex Hamilton
Alex is Senior Reporter at IBS Intelligence, follow him on Twitter or contact him at: alexanderh@ibsintelligence.com