Point-of-sale systems have become the Achilles heel of retailers, exploited by hackers of Target, Kmart, Home Depot and others to steal valuable credit and debit card data.
A new strain of malware called PoSeidon is targeting retailers’ POS systems once again, warned Cisco security researchers in a blog post.
The malware is designed to scrape a POS system’s memory of credit and debit card numbers and send them to a Russian command and control (C&C) server.
The malware includes a loader and a keylogger. The loader binary is able to survive a system reboot, so that it can contact the C&C server, retrieve a URL that contains another binary to download and execute. This second binary installs a keylogger that can read the credit card numbers as they are swiped through the POS device. The keylogger then sends the credit card data back to the C&C server.
“PoSeidon is another in the growing number of point-of-sale malware targeting POS systems that demonstrate the sophisticated techniques and approaches of malware authors,” the researchers explained.
“Network administrators will need to remain vigilant and adhere to industry best practices to ensure coverage and protection against advancing malware threats,” they added.
POS malware has been a popular attack method for attackers bent on harvesting credit and debit card data.
Following the massive Target breach that resulted in 40 million credit and debit card numbers being stolen, the Department of Homeland Security’s US-CERT warned that a variety of POS malware strains were being used by cybercriminals to target retailers.
Following that warning came a string of admissions from major retailers, including Walmart, Michaels, Staples and Home Depot, that their credit and debit card data was compromised by POS malware.
PoSeidon is only the latest in a long line of POS malware.
As long as POS systems remain valuable and vulnerable targets, cybercriminals will write and deploy malware to exploit them.
By Fred Donovan
– read the Cisco blog post