‘Tis the season for PoS malware

‘Tis the season for boughs of holly, holiday cheer, presents, goodwill and… malware.

The holiday season is a great time for cybercriminals to play Scrooge and spoil the fun by installing data-stealing malware on retailers’ point-of-sale systems.

In fact, more and more criminals are able to infect POS systems and steal credit and debit card data using off-the-shelf, build-your-own malware kits such as Pro PoS, security researchers at Cisco Talos warned in a blog post on Thursday.

Pro PoS is advertised with Tor support, rootkit capabilities, antivirus evasion and a polymorphic engine.

“The Pro PoS client malware uses a modified version of Alina, which had its source code leaked earlier this year. In this version, the malware utilized a simple packer that does not contain any anti-analysis checks. Given the simplicity of the packer and the fact that it even leaves some of the strings in the binary unaltered, it is likely that the packer was meant to simply compress the binary, instead of trying to make the examination of the binary more complicated,” the researchers explained.

The researchers stressed that payment cards with EMV chips, used at chip-enabled POS terminals, are key to preventing malware from stealing card data, because the chip transaction does not expose the static magnetic-stripe data that this malware harvests. Unfortunately, the transition to chip-enabled POS systems has been “bumpy at best” because of the cost.

“As long as PoS terminals rely on payment data stored in the magnetic stripe, threat actors will continue to invest in innovation and development of new malware families to exploit this attack vector. Attackers will continue to target PoS systems and employ various obfuscation techniques in an attempt to avoid detection. Since PoS malware like Pro PoS is available for purchase, it is even easier for threat actors to utilize it to steal payment card data,” the researchers concluded.
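The "payment data stored in the magnetic stripe" that the quote above refers to is the Track 1 / Track 2 data a PoS application holds in memory while it processes a swipe, and memory-scraping families such as Alina find it by pattern-matching process memory. The same pattern matching is a cheap check to run over a memory dump from a suspected PoS host during incident response. The following is an added example written for this article, not code from Cisco Talos or from the Pro PoS kit: it scans a constructed buffer for Track 1 and Track 2 records, applies a Luhn check to discard false positives, and masks the PANs before reporting. The sample buffer, the public test card numbers in it, and the function names are all assumptions made for the example.

```python
import re

# ISO/IEC 7813 track layouts, matched as bytes so the scanner can run over a raw dump.
# Track 2: ;<PAN>=<YY><MM><service code><discretionary data>?
TRACK2_RE = re.compile(rb';(\d{13,19})=(\d{2})(\d{2})(\d{3})(\d*)\?')
# Track 1, format B: %B<PAN>^<NAME>^<YY><MM><service code><discretionary data>?
TRACK1_RE = re.compile(rb'%B(\d{13,19})\^([^^]{2,26})\^(\d{2})(\d{2})(\d{3})([^?]*)\?')


def luhn_ok(pan: str) -> bool:
    """Luhn check digit validation; a cheap filter against random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ord(ch) - ord('0')
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep BIN and last four, as a report should never carry a full PAN."""
    return pan[:6] + '*' * (len(pan) - 10) + pan[-4:]


def find_track_data(buf: bytes) -> list:
    """Return every track-shaped record in buf, tagged with its Luhn result and offset."""
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        hits.append({'track': 2, 'pan': pan, 'masked': mask_pan(pan),
                     'expiry': m.group(2).decode() + '/' + m.group(3).decode(),
                     'service': m.group(4).decode(),
                     'luhn': luhn_ok(pan), 'offset': m.start()})
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode()
        hits.append({'track': 1, 'pan': pan, 'masked': mask_pan(pan),
                     'name': m.group(2).decode(errors='replace'),
                     'expiry': m.group(3).decode() + '/' + m.group(4).decode(),
                     'service': m.group(5).decode(),
                     'luhn': luhn_ok(pan), 'offset': m.start()})
    return sorted(hits, key=lambda h: h['offset'])


def valid_pans(buf: bytes) -> list:
    """Masked PANs of the hits that pass Luhn, in the order they appear in buf."""
    return [h['masked'] for h in find_track_data(buf) if h['luhn']]


# Constructed stand-in for a process memory dump (assumption: not real capture data).
# 4111111111111111 and 5500000000000004 are widely published test numbers and pass
# Luhn; 1234567890123456 is track-shaped but fails Luhn and should be filtered out.
SAMPLE_DUMP = (
    b'\x00\x00pos.exe heap\x00'
    b';4111111111111111=2512201000000000000?\x00\x00'
    b'%B5500000000000004^DOE/JOHN^25122011000000000?\x00junk\x00'
    b';1234567890123456=2512201?\x00'
)

if __name__ == '__main__':
    for h in find_track_data(SAMPLE_DUMP):
        print(f"offset {h['offset']:5d} track {h['track']} {h['masked']} "
              f"exp {h['expiry']} svc {h['service']} luhn={'ok' if h['luhn'] else 'FAIL'}")
```

Two points worth noting for anyone adapting this. First, a real scraper does the same matching against every readable region of the PoS process, so any buffer the application keeps in the clear between swipe and encryption is exposed; shrinking that window (point-to-point encryption at the reader) is the mitigation short of EMV. Second, the Luhn filter is a false-positive reducer, not proof of a breach: test numbers and card-shaped identifiers pass it, so hits still need a human to look at the surrounding memory.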

Individuals who don’t have cards with EMV chips should ask their banks about getting one, and retailers that don’t have chip-enabled POS systems need to deploy them soon. In the meantime, everyone needs to be especially vigilant.

by Fred, @FierceFred1, Fierce IT Security
