ATMii, discovered in April 2017, targets ATMs running Windows 7 and Windows Vista. ATMii uses two files, exe.exe and dll.dll, to enable interaction with the ATM’s computer and grant threat actors control over the device. ATMii requires network or USB access to the ATM and is capable of performing three malicious operations, including: obtaining an exact list of bills the ATM contains, making the ATM dispense a specified amount of cash, or self-destructing by deleting a local config file.

Reporting and Technical Details: 

Image Source: Bleeping Computer