http://arstechnica.com/security/2014/07/stealthy-new-malware-snatching-credit-cards-from-retailers-pos-systems/
By Sean Gallagher
Ars Technica
July 31, 2014

The US Computer Emergency Response Team, in cooperation with the Secret
Service and researchers at Trustwave’s Spiderlabs, has issued an alert
about a newly identified variant of malware installed on point-of-sale
(POS) systems that was used in a series of recent attacks by cyber
criminals. Called “Backoff,” the malware shares characteristics with the
one used to attack Target’s point of sale systems last year: it scrapes
credit card data out of the infected computer’s memory. Until now, it was
undetectable by antivirus software.

POS machines are a big target for hackers, who use malware like Backoff to
collect data from credit cards and other transaction information to either
create fraudulent credit cards or sell the data. In many ways, the
Backoff-based attacks were similar to the attack in 2011 on Subway
franchises—hackers used remote desktop software left active on the
machines to gain entry, either by brute-force password attacks or by
taking advantage of a default password, and then installing the malware on
the hacked system.

According to US-CERT, Backoff runs in the background watching memory for
the “track” data from credit card swipes, which can be used to both obtain
the account number on the card and to create fraudulent cards that can be
used in ATMs and other point-of-sale systems. Backoff also has a keylogger
function that records the key-presses on the infected computer. The
malware installs a malicious stub in Internet Explorer that can reload the
in-memory component if it crashes and communicates with the criminals’
command and control network—sending home captured credit card data and
checking for malware updates.

[...]