Malware’s newest leading lady: Alice

• Alice’s main focus is to empty the safe of ATMs
• Alice does not steal information

THREAT researchers from Trend Micro’s Forward-Looking Threat Research Team (FTR) have discovered a new family of ATM malware called Alice.

Unlike other ATM malware families, Alice’s main focus is to empty the safe of ATMs.  Alice does not steal information, it only enables its users with physical access to machines to steal as much money as is available in the ATM.

ATM attacks are nothing new; cyber-criminal gangs have been attacking ATMs since the 1990s, however the scope and scale of these attacks are a growing challenge.

Attacks on financial payment systems are constantly evolving, from attacking interbank transfer systems such as SWIFT to the tried and true attacks on ATMs like the ones we have seen recently in Thailand, Taiwan and the UK.

Today there are well over three million ATMs around the world, with a new one added approximately every five minutes.

Even with the growth of alternative payment systems ATM, usage is here to stay. According to Retail Banking Research (RBR), the US currently has 432,000 ATMs, with around 110,000 bank branches where these ATMs delivered 5.6 billion cash withdrawals totalling US$691 billion, up 4% from US$666 billion in the previous year.

Financial institutions continue to innovate to provide additional services and reduce costs of brick and mortar branches, however this could come at a greater cost by making them bigger targets for criminals.

For the better part of a decade, the largest threat to ATMs have been skimming operations where track (account) data and PINs were captured via homemade in-line skimmers with either fake pad overlays or even hidden cameras.

Only in the last few years have we seen the accelerated development and usage of ATM malware, which enables additional opportunities for cyber criminals to compromise ATMs globally.

ATM malware has been around since 2007.  Over the past nine years Trend Micro has tracked and analysed eight unique families, and the bulk of those families were discovered in the last three years.

This type of increase in malware development usually coincides with a similar increase in attacks.

Recent ATM attacks in Russia, Spain and the United Kingdom are even more ominous whereas early reports show these ATMs were attacked remotely. 

Although Alice looks to be written for money mules who have physical access to machines, our researchers do show that Alice could be used via RDP, however we have no evidence yet of remote usage.

This newly discovered Alice ATM malware family was first discovered by Trend Micro in November 2016 as a result of an ongoing joint research project and partnership on ATM malware with Europol EC3.

To read more about Alice, click here.  
 
Related Stories:
 
2017 cyber security trends according to Sophos
 
Clues are dead - Kaspersky Lab’s threat predictions 2017
 
Intel previews 2017 security threats
 
 
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.