Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Monday March 20 2017, @08:42PM   Printer-friendly
from the for-all-your-POS-theft-needs dept.

Security vendor Trend Micro Friday has warned of a new type of point-of-sale (PoS) malware that is being used to attack PoS systems belonging to businesses in the US and Canada.

The malware, which Trend Micro has dubbed MajikPOS, was first spotted infecting PoS systems the last week of January and has been used to steal data on at least 23,400 credit cards, Trend Micro said in an alert.

Trend Micro researchers describe MajikPOS as malware that is similar in purpose to other recent POS data stealing tools, such as FastPOS and ModPOS, but different from them in the manner in which it deploys.

"The attackers are mapping out victims with relatively generic tools ahead of time," says Jon Clay, Trend Micro's global threat communications manager.

[...] Once potential victims are identified, the attackers use a pair of executables to run the attack — an implant and a scraper for getting the card numbers. The approach ensures that if the initial stage of an attack fails, the core malware itself is not compromised, Clay says.

The method of attack indicates that the operators of MajikPOS have taken active precautions to mitigate the possibility of their malware being screened for and detected. This suggests that the operators of MajikPOS are also the authors the malware, Clay says.

Source: http://www.darkreading.com/attacks-breaches/new-magikpos-malware-targets-point-of-sale-systems-in-us-and-canada-/d/d-id/1328434?


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 4, Insightful) by Appalbarry on Monday March 20 2017, @09:23PM (7 children)

    by Appalbarry (66) on Monday March 20 2017, @09:23PM (#481782) Journal

    For any person that reads this story, the number one question is always "Which businesses? Ones that I frequent?"

    And invariably that's the one thing that isn't mentioned. Maybe there's an argument that the businesses deserve some lead time to clean up their act, but surely customers also deserve to know if they may have been put at risk.

    • (Score: 1) by Scruffy Beard 2 on Monday March 20 2017, @10:02PM (4 children)

      by Scruffy Beard 2 (6030) on Monday March 20 2017, @10:02PM (#481810)

      I have been trying to reproduce to PIN pad for my coin laundry not taking the PIN correctly. Assumed it was just a firmware bug.

      No, I will not name them until I know more.

      • (Score: 2) by Scruffy Beard 2 on Monday March 20 2017, @10:11PM (3 children)

        by Scruffy Beard 2 (6030) on Monday March 20 2017, @10:11PM (#481813)

        Update: The Trendmicro article [soylentnews.org] mostly rules out the laundry card reader.

        Properly configured chip-and-pin credit cards with end-to-end encryption (EMVs) should be unaffected by this threat. Unfortunately, terminals that don’t support them are at risk to threats like MajikPOS.

        ...so that leaves gas pumps?

        BTW, the terminal I mentioned in the parent has only a dial-up connection. Good luck port-scanning that ;)

        • (Score: 2) by frojack on Tuesday March 21 2017, @12:07AM (2 children)

          by frojack (1554) on Tuesday March 21 2017, @12:07AM (#481873) Journal

          Properly configured chip-and-pin credit cards

          Unfortunately, what we appear to have in the U.S. is chip and nothing, or chip and signature, maybe.

          In every store I've been in that has the chip readers working finally, I've never been asked for a pin.
          What's up with that?

          Most of my cards have never issued me a pin or told me how I can get one. Only my debit cards have pins. The whole chip and pin exercise seems to have taken a wrong turn somewhere.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 2) by Scruffy Beard 2 on Tuesday March 21 2017, @02:03AM

            by Scruffy Beard 2 (6030) on Tuesday March 21 2017, @02:03AM (#481922)

            We have had Smart cards [wikipedia.org] in Canada for about a decade now.

            However, if you are using tap to pay [interac.ca], you are not prompted for a PIN every time. I asked my bank to disable that. Not sure they actually did though. Presumably the card would still have the circuitry active.

          • (Score: 0) by Anonymous Coward on Tuesday March 21 2017, @03:25PM

            by Anonymous Coward on Tuesday March 21 2017, @03:25PM (#482181)

            That's interesting to hear. In the Boston area, my experience has been that everywhere that has chip-enabled card processing requires a pin. The only ones that haven't fall back to the magnetic strip. Sounds like rollout across the country has been less than uniform and smooth.

    • (Score: 0) by Anonymous Coward on Monday March 20 2017, @11:35PM

      by Anonymous Coward on Monday March 20 2017, @11:35PM (#481848)

      News at 9.

    • (Score: 0) by Anonymous Coward on Tuesday March 21 2017, @02:30PM

      by Anonymous Coward on Tuesday March 21 2017, @02:30PM (#482153)

      Not the businesses but the software abused can be deduced by hawkeyes:

      The modified version is sometimes named VNC_Server.exe or Remote.exe.
      ...
      MajikPOS is also notable with how it tries to hide by mimicking common file names in Microsoft Windows.

  • (Score: 2) by Grishnakh on Monday March 20 2017, @10:47PM

    by Grishnakh (2831) on Monday March 20 2017, @10:47PM (#481827)

    This is what the POS vendors get for selling system which they themselves advertise as Pieces Of Shit.

(1)