Unlike the RIPPER and SUCEFUL ATM malware, Alice is not controlled via the ATM's PIN pad (the ATM keyboard). Its authors have not focused on code that enables communication between a malware server and the ATM (Automated Teller Machine) through the ATM keypad; instead, they have included a unique module that dispenses the ATM's cash. It was also noted that the authors of Alice are not as experienced as those behind other malware, because their concept of collecting and selling payment card data online is very time-consuming and carries the risk of being caught by a cyber crime branch or the FBI.
Early in November, Trend Micro discovered the Alice malware, which relies on physical access to the ATM's port and allows attackers to dispense cash immediately. The malware was given the name Alice because its authors developed it under a project named Project Alice. Trend Micro researchers also made public some evidence showing that the malware has been active since the beginning of 2014.
Describing how Alice functions, the researchers said that attackers can deploy it only if they get physical access to one of the USB or CD-ROM slots of the target ATM. Once the malware is loaded, the attackers also need to connect a keyboard to the ATM system in order to interact with Alice and begin the malicious operation.
Once interaction with the malware has started, the attackers are asked to enter a PIN to proceed with execution; the PIN then serves the attackers as an affiliate ID. Afterwards, they gain the ability to monitor the activity of the compromised ATM from a remote server as well as to dispense cash. According to security investigators, unlike other malware, Alice does not have full control over the ATM's functionality, because it has only one component, which connects the malware's process to the ATM's cash dispenser module and brings up an operator panel to dispense cash. According to ATM restriction rules, all machines are limited to 40 bills per withdrawal, so to dispense more cash the attackers have to repeat the same procedure again and again.