Categories: Security

Everything You Need to Know About the “Alice” ATM Malware

Over the past decade, only eight different ATM malware “families” have ever been detected. A new malware family, called “Alice,” was detected last year; it was first reported on more than a month ago, but researchers believe that it’s been in operation since at least 2014. According to Trend Micro, the malware is a “stripped down” malware that exists solely to make ATMs spit out cash. What makes this particular type of malware unique is that it doesn’t require a malicious person to control it through the ATM’s keypad.

Malicious attacks on ATMs have rapidly increased over the last several years. That’s why it may be safer to use credit cards and mobile payment methods (if you are able to do so). If you use mobile payment apps, remember to ensure that your information is safe by regularly checking your device for malware. Click here to fully scan your device:

Go Ask Alice: How it Works

There are a few different ways that Alice can infect an ATM. The first two ways involve using a USB or CD to transfer the code onto the ATM. The third way — which is better for hackers who want to avoid public places with security cameras — is to hack a bank’s network to gain access to the ATMs. However, this type of attack is less likely to work as well with larger banks, which have better security. Still, just because it isn’t as likely to happen, it doesn’t mean that larger banks should neglect improving their overall security in response to the Alice malware.

Before Alice infects an ATM, it scans the machine to make sure it’s running on an ATM. Once its location is confirmed, Alice will issue a series of prompts; if the location is incorrect, the malware will terminate itself. In order for the malware to officially launch, and access the money inside the ATM, the hacker will need to enter a PIN code. The hacker can then dispense all of the ATM’s money (by launching the malware multiple times if there are withdrawal limits).

Why Alice is Worrisome

As mentioned, Alice is unlike other ATM malware families. Alice shows that ATM malware is getting much better, and that hackers are increasingly able to adapt their malware to a variety of platforms. This is further exemplified by the alarming increase in ATM malware over the last few years. Currently, the Alice malware uses easily available commercial software, but in the future this type of malware is likely to use fully customized software.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.