ATMJaDi is a new piece of malware designed to steal cash from ATMs, a practice known as jackpotting. The trojan is programmed to infect a financial institution's banking network, track down ATMs on it, and take control of them remotely through a web-based program.
According to Kaspersky's analysis, ATMJaDi has been found on ATMs in Mexico. The malware is built to work in a web environment and therefore has no interface that can be operated from the machine's keyboard or touch screen. This implies that the software was developed with a remote attack in mind.
Once installed and in control of the ATM, the trojan executes code that the machine treats as legitimate, so the machine follows its orders without raising alerts. From there it is possible to force the machine to dispense all the money it holds. ATM malware usually requires some kind of direct action by the criminal, both in preparing the attack and in collecting the money. With this type of attack, however, the criminal only needs to be present at the end, to collect the money from the machine.
The malware attacks a specific subset of ATMs, which, according to company analysts, suggests that it may have been created by bank employees.