GreenDispenser ATM malware enable its attacker to empty the ATM vault on demand. It was first discovered in Mexio but soon it spread in other countries. Initial malware installation likely requires physical access to the ATM and operates by interacting with the machine's XFS middleware, a platform that provides a common interface for financial services devices regardless of the manufacturer. XFS enables communication between the ATM hardware components including peripheral devices such as the PIN pad and cash dispenser. Once install the ATM displays and Out-of order which bars regular user from using the ATM. But the attackers can bypass the error by typing a specific PIN that's hard-coded in the malware and empty the cash vault.
| b7e61f65e147885ec1fe6a787b62d9ee82d1f34f1c9ba8068d3570adca87c54f | Trojan-Banker.Win32.GreenDispenser.a | Download |
| 77850f738ba42fd9da299b2282314709ad8dc93623b318b116bfc25c5280c541 | Trojan-Banker.Win32.GreenDispenser.d | Download |
| 20a1490b666f8c75c47b682cf10a48b7b0278068cb260b14d8d0584ee6c006a5 | Trojan-Banker.Win32.GreenDispenser.b | Download |
| 7544e7a798b791cb36caaa1860974f33d30bc4659ceab3063d1ab4fd71c8c7e0 | Trojan-Banker.Win32.GreenDispenser.c | Download |
| 50db1f5e9692f217f356a592e413e6c9cb31105a94efc70a5ca1c2c73d95d572 | Trojan-Banker.Win32.GreenDispenser.c | Download |
| 5a37be2d298145b766ba54616677d802cfabc62e3b9be2ffb6d4719d3f8143e9 | Trojan-Banker.Win32.GreenDispenser.e | Download |