SUCEFUL is a multi-vendor ATM malware that is capable of stealing cards inserted into ATM machines, disabling ATM sensors, and reading data from a debit card’s magnetic strip.

Read More

First detected in 2009, Skimer is capable of executing twenty-one malicious commands including withdrawing ATM funds and stealing customer data such as bank account numbers and payment card PIN codes.

Read More

RIPPER, discovered by researchers with FireEye Labs in August 2016, is capable of collecting data from bank cards, dispensing cash, and reading user input from the numeric PIN pad.

Read More

ATMitch operates by reading commands contained within a local text file labeled command.txt. The commands are simple, one-letter characters such as ‘O’ for open dispenser, ‘D’ for dispense, and ‘E’ for Exit.

Read More

ATMii, discovered in April 2017, targets ATMs running Windows 7 and Windows Vista. ATMii uses two files, exe.exe and dll.dll, to enable interaction with the ATM’s computer and grant threat actors control over the device.

Read More

Detected by Europol EC3 and Trend Micro in November 2016, Alice is a simple malware variant specifically designed to force an ATM to empty its cash dispenser.

Read More
ATM MalwareNJCCICAlice