Point-of-sale (POS) malware is software specifically created to steal customer data, particularly from electronic payment cards like debit and credit cards and from POS machines in retail stores. It does this by scraping the temporarily unencrypted card data from the POS's memory (RAM), writing it to a text file, and then either sending it to an off-site server at a later date or retrieving it remotely. It is believed that criminals behind the proliferation of this type of malware are mainly after data they can sell, not for their own personal use. Although deemed less sophisticated than your average PC banking Trojan, POS malware can still greatly affect not just card users but also merchants that unknowingly use affected terminals, as they may find themselves caught in a legal mess that could damage their reputation. POS malware may come in three types: keyloggers, memory dumpers, and network sniffers.

The first known POS memory scraper is RawPOS, which was found sometime in 2008. It is said to be technically simple, but can still affect modern-day card processing terminals. In April 2015, a variant of this malware surfaced, targeting devices in casinos and resort hotels in the United States, Canada, Europe, the Middle East, and Latin America.

While the industry currently detects more than 15 kinds of POS malware, no two are alike. Several of these are predecessors to new known POS malware variants. For example, Alina (aka Track), which surfaced in late 2012, was succeeded by JackPOS, which surfaced in early 2014. The Dexter variant the industry found after Alina surfaced has been succeeded by Soraya and LusyPOS.

Modern-day memory scraping malware is found to be more sophisticated than its predecessors. Using the previous examples, Soraya is found to have the capabilities of a known banking Trojan called Zeus, while LusyPOS can communicate back to its command and control (C&C) server using Tor, a popular anonymity tool. 2014 was dubbed by industry experts as the "Year of the Largest Retail Hacks" thanks to POS malware.

There are two typical ways POS malware can be installed in machines capable of reading card data. This means that someone working in the store who has active knowledge of how the payment processing is set up can manually install the malware on target machines. Data scraped by variants that are not hooked up to a network are retrieved or accessed remotely. Second, POS malware can be installed via social engineering or phishing lures, especially for targeted attack campaigns. It has been noted that tactics employing these come with files bearing misleading names, such as java.exe and adobeflash.exe. Such malware is known to be highly customized to fit or blend in with files associated with the target organization. Once installed, affected machines are connected to a POS botnet that reports back to a centralized C&C server.