NeoPocket is an information stealer malware that specifically target ATM machines built by Diebold. Unlike common ATM malware that steal cash, it did only reconnaissance and log traffic.
Tyupkin malware infects ATM machines running Windows XP 32-bit version and allows the attacker to empty the ATM cash cassettes via direct manipulation.
SkimerWC trojan infects ATM machine that are designed for Russian and Ukraine banks. The Trojan's main payload is incorporated into a dynamic-link library stored in the NTFS streams.
The Ploutus ATM malware family, first detected in 2013 by Symantec as Backdoor.Ploutus, allows attackers to withdraw cash from an ATM machine on command.
Skimmer malware family was the first to target devices throughout the world. The malicious program is implemented as a dynamic link library loaded by an infected application.