Custom Built POS Malware Attacks US Retailers

Although crypto-ransomware is currently the most prevalent type of malware, cybercriminals have not stopped using other kinds.

Security researchers say that attackers are intent on stealing as much payment card data as possible before US retailers complete the switch to chip-enabled cards, and are therefore drawing on every kind of POS malware available to them.

According to researcher Nart Villeneuve, POS malware falls into three categories: free malware, which security products detect easily; malware that must be bought from its authors; and custom-built POS malware written for a particular operation.

TreasureHunt is an example of the third category. This POS malware is believed to have been custom built for a specific cybercrime operation known as "BearsInc".

"BearsInc is an actor on an underground cybercrime forum dedicated to credit card fraud," Villeneuve stated. "BearsInc has advertised stolen payment card information for sale."

Functionally, TreasureHunt does not differ much from other POS malware. It enumerates running processes, scrapes payment card data from the memory of the compromised system, and sends the collected data to a command-and-control server under the attackers' control.

Security researchers report that the first version of the malware was created in December 2014, and that the latest version (v0.1.1) has been in use since November 2015.

Because samples have rarely been uploaded to VirusTotal or flagged by security products, the researchers conclude that the malware is being deployed in a targeted manner rather than sprayed widely.

TreasureHunt is typically installed on a POS system using previously stolen credentials or by brute-forcing common passwords.

TreasureHunt's code contains a string that points to both the author of the malware and its buyer. BearsInc appears to be the buyer, while the developer goes by the online handle "Jolly Roger" and favours a pirate theme for his creations.

In any case, security researchers advise smaller retailers and banks to be especially careful at the moment and to speed up their transition to EMV chip-and-PIN technology. Many major firms have already made the switch, so the pool of potential victims is shrinking and the likelihood that any remaining one is hit keeps rising.
