macOS malware used run-only AppleScripts to avoid detection for five years

Image: Bundo Kim

An anonymous reader quotes a report from ZDNet: For more than five years, macOS users have been the targets of a sneaky malware operation that used a clever trick to avoid detection and hijacked the hardware resources of infected users to mine cryptocurrency behind their backs. The macOS.OSAMiner has been active since 2015, primarily infecting users in Asia. One of the nice things about AppleScript is not only does it have a magic at the beginning of an AppleScript.

Security researchers are warning of a new strain of ATM malware designed to allow hackers to completely drain a cash point of money and leave virtually no trace of how they did it.

GreenDispenser is similar to the Padpin trojan discovered a couple of years ago, but with a few key differences, according to security vendor Proofpoint. It’s coded to run only if the date is earlier than September 2015, “suggesting that GreenDispenser was employed in a limited operation and designed to deactivate itself to avoid detection.”

The malware is also designed to require a static hardcoded PIN to authenticate the attacker. It then features a second dynamic PIN unique to each run of the malware.

“The attacker derives this second PIN from a QR code displayed on the screen of the infected ATM. We suspect that the attacker has an application that can run on a mobile phone with functionality to scan the barcode and derive the second PIN - a two-factor authentication of sorts. This feature ensures that only an authorized individual has the ability to perform the heist. In addition, GreenDispenser has the capability to perform a deep delete after the heist to prevent forensic analysis and IR investigations.”

GreenDispenser can only be installed on an ATM with physical access, which could indicate that security staff or other banking personnel have colluded with the hackers. It also follows other ATM malware in using the widely adopted XFS middleware to interact with the pinpad and cash dispenser, Proofpoint said.

So far attacks have only been spotted in Mexico, although the vendor argued it’s “only a matter of time” before the same techniques are seen in ATM malware campaigns worldwide.

ESET security specialist, Mark James, argued that ATM malware is getting more sophisticated and widespread, despite the risk of getting caught.

“Because most ATMs are just computers these days they are of course subject to the same vulnerabilities or exploits that can affect us all. As we all know, if software is used to make it, then software can be used to break it, and there’s no shortage of people willing to try to get their hands on free cash, which of course can and will be used to fund other criminal activities. Financial organizations will need to look not only at the hardware used to dispense cash, but also the security of the software sat on it,” he told Infosecurity.
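The OSAMiner report above turns on one detail: run-only AppleScripts ship without their source, so a reviewer cannot simply read what a suspicious script does. As an added example (not code from ZDNet, the researchers it cites, or the malware itself), the following Python triage helper finds compiled AppleScript files on a host and flags those whose source cannot be recovered. It assumes, beyond anything the page states, that compiled AppleScript files begin with the ASCII magic `FasdUAS`, and that on macOS the `osadecompile` tool recovers source from a normal compiled script but fails with an `errOSASourceNotAvailable (-1756)` error on a run-only one; the decompile step is injectable so the classification logic runs off-macOS with constructed inputs.

```python
"""Triage helper: locate compiled AppleScript files and flag run-only ones.

Added example, not the original page's code. Assumptions not stated on
the page: compiled AppleScript begins with the magic bytes "FasdUAS";
`osadecompile` (macOS only) exits non-zero with an errOSASourceNotAvailable
(-1756) message when a script was compiled run-only (`osacompile -x`).
"""
import os
import shutil
import subprocess
from typing import Callable, Iterable, Iterator, Tuple

# Assumed magic header of a compiled AppleScript (.scpt) file.
APPLESCRIPT_MAGIC = b"FasdUAS"

Decompiler = Callable[[str], Tuple[int, str]]


def is_compiled_applescript(header: bytes) -> bool:
    """True if the leading bytes of a file look like compiled AppleScript."""
    return header.startswith(APPLESCRIPT_MAGIC)


def run_osadecompile(path: str) -> Tuple[int, str]:
    """Invoke the macOS osadecompile tool; returns (exit code, stderr)."""
    if shutil.which("osadecompile") is None:
        raise RuntimeError("osadecompile not found (this step is macOS only)")
    proc = subprocess.run(["osadecompile", path],
                          capture_output=True, text=True)
    return proc.returncode, proc.stderr


def classify_compiled_script(path: str,
                             decompile: Decompiler = run_osadecompile) -> str:
    """Return 'source-available', 'run-only' or 'unknown' for one .scpt file.

    A run-only script carries no embedded source, so decompilation fails
    with the (assumed) errOSASourceNotAvailable error; any other failure is
    reported as 'unknown' rather than guessed at.
    """
    rc, err = decompile(path)
    if rc == 0:
        return "source-available"
    if "SourceNotAvailable" in err or "-1756" in err:
        return "run-only"
    return "unknown"


def classify_headers(items: Iterable[Tuple[str, bytes]],
                     decompile: Decompiler = run_osadecompile
                     ) -> Iterator[Tuple[str, str]]:
    """Given (path, header bytes) pairs, yield (path, verdict) for every
    file that looks like compiled AppleScript; other files are skipped."""
    for path, header in items:
        if is_compiled_applescript(header):
            yield path, classify_compiled_script(path, decompile)


def walk_headers(root: str, size: int = 16) -> Iterator[Tuple[str, bytes]]:
    """Yield (path, first `size` bytes) for every readable file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    yield path, fh.read(size)
            except OSError:
                continue  # unreadable or vanished file: skip, do not abort


def scan(root: str, decompile: Decompiler = run_osadecompile
         ) -> Iterator[Tuple[str, str]]:
    """Walk a directory tree and classify every compiled AppleScript in it."""
    return classify_headers(walk_headers(root), decompile)


if __name__ == "__main__":
    import sys
    # Example root is an assumption; run-only hits deserve a closer look.
    for hit, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:17} {hit}")
```

A run-only verdict is not itself malicious: legitimate vendors also ship run-only scripts. The value of the scan is the short list it produces for manual review, where persistence location and the process that launches the script decide the question.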