XFSADM has been detected that as ATM malware but its author's identification or intentions are not clear. It was first detected in Russia in 2019. This malware is designed to make use of a DLL library known as XSF (Extension for Financial Services) that only exists in automated teller machines (ATM), which provides an API that interacts with the msxfs.dll library, allowing the software to communicate with the PIN keyboard of the ATM and thus be able to capture the information entered by the user.
XFSADM ATM Malware Signatures
XFSADM ATM Malware Download