Cisco security researchers have warned of a new breed of malware targeting point of sale (PoS) systems that can extract financial information from the terminal.
Dubbed PoSeidon, the malware could be of Russian origin as the data that it gathers is sent back to servers in the country. However, this could be an attempt by the hackers to hide their true location.
Cisco explained in a blog post that once the malware is installed it attempts to make contact with control servers and then send on any data it believes is of relevance.
“The downloaded binary, FindStr, installs a keylogger and scans the memory of the PoS device for number sequences that could be credit card numbers,” Cisco said.
“Upon verifying that the numbers are in fact credit card numbers, keystrokes and credit card numbers are encoded and sent to an exfiltration server.”
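As an added illustration of the "verifying" step described above, written from the responder's side and not taken from Cisco's write-up: a small scanner an analyst can run over a captured memory region or exfiltration buffer to confirm whether Luhn-valid card numbers were actually exposed, reporting them masked so the triage output does not itself become card data. The buffer and the card numbers in it are constructed (publicly known test PANs).

```python
import re

# Luhn checksum: the same test DLP scanners and forensic carvers use to
# separate real primary account numbers (PANs) from arbitrary digit runs.
def luhn_valid(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

# Candidate PANs: 13-19 digit runs bounded by non-digits.
PAN_RUN = re.compile(rb"(?<![0-9])[0-9]{13,19}(?![0-9])")

def mask_pan(digits: str) -> str:
    """Keep the BIN (first 6) and last 4 so the finding can be triaged without copying a full PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_buffer(buf: bytes) -> list:
    """Return (offset, masked_pan) for every Luhn-valid candidate in a memory or capture buffer."""
    hits = []
    for m in PAN_RUN.finditer(buf):
        digits = m.group().decode("ascii")
        if luhn_valid(digits):
            hits.append((m.start(), mask_pan(digits)))
    return hits

# Constructed sample: a fake process-memory region holding two public test card
# numbers, one Luhn-invalid 16-digit order id, and unrelated binary noise.
SAMPLE_MEMORY = (
    b"\x00\x00Track1 data: 4111111111111111 exp=1218\x00\x00"
    b"order_id=1234567890123456 qty=3\x00"
    b"\xff\xfe5555555555554444\x00\x00"
)

if __name__ == "__main__":
    for offset, masked in scan_buffer(SAMPLE_MEMORY):
        print(f"offset {offset:#06x}: {masked}")
```

The order id is skipped because it fails the Luhn check, which is exactly the false-positive filter the quoted description refers to.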
If the crooks gather the right information they can use it to make fake credit cards for sale on criminal markets, posing major problems for customers, banks and firms that sell goods by accepting the fraudulent cards.
PoS malware is becoming increasingly prevalent as the value of gathering such data increases.
“Attackers will continue to target PoS systems and employ various obfuscation techniques in an attempt to avoid detection. As long as PoS attacks continue to provide returns, attackers will continue to invest in innovation and development of new malware families,” the researchers wrote.
“Network administrators will need to remain vigilant and adhere to industry best practices to ensure coverage and protection against advancing malware threats.”
Interestingly, Cisco redacted some of the IP addresses associated with the new malware in its blog post “at the request of law enforcement agencies”, suggesting that attempts to tackle the problem are already underway.
Tim Erlin, director of product management at Tripwire, said that the latest findings make it clear just how big a threat PoS malware is to the retail sector.
“PoS malware has been extremely productive for criminals in the last few years, and there’s little reason to expect that will change anytime soon,” he added.
“System administrators need to remain informed about trends in malware capabilities, while also ensuring that foundational security controls are applied according to best practice.”