Trend Micro announced the discovery of a new family of ATM malware, known as Alice, that is designed solely to empty the safe of ATMs.
Unlike other families of malware, the cybersecurity researchers reported, Alice is quite stripped down: it has no information-stealing features, and it cannot be controlled via the numeric pad of ATMs.
Alice was first tracked down last month during a joint research project between Trend Micro and Europol EC3 on ATM malware.
“This new discovery is remarkable because it shows a clear tendency for malware writers to attack an ever-increasing variety of platforms. This is especially acute against ATMs, due to the high monetary value they represent. This tendency has accelerated enormously over the last two to three years, which is when the bulk of those families have been discovered,” the company’s blog post stated.
Among the many things that stand out about Alice, the researchers highlighted that the malware is extremely feature-lean and contains only the basic functionality needed to empty an ATM’s safe.
“Up until recently, ATM malware was a niche category in the malware universe, used by a handful of criminal gangs in a highly targeted manner. We are now at a point where ATM malware is becoming mainstream. The different ATM malware families have been thoroughly analyzed and discussed by many security vendors, and these criminals have now started to see the need to hide their creations from the security industry to avoid discovery and detection,” the post continued. “Today, they are using commercial off-the-shelf packers; tomorrow, we expect to see them start to use custom packers and other obfuscation techniques.”