Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Monday March 20 2017, @08:42PM   Printer-friendly
from the for-all-your-POS-theft-needs dept.

Security vendor Trend Micro Friday has warned of a new type of point-of-sale (PoS) malware that is being used to attack PoS systems belonging to businesses in the US and Canada.

The malware, which Trend Micro has dubbed MajikPOS, was first spotted infecting PoS systems the last week of January and has been used to steal data on at least 23,400 credit cards, Trend Micro said in an alert.

Trend Micro researchers describe MajikPOS as malware that is similar in purpose to other recent POS data stealing tools, such as FastPOS and ModPOS, but different from them in the manner in which it deploys.

"The attackers are mapping out victims with relatively generic tools ahead of time," says Jon Clay, Trend Micro's global threat communications manager.

[...] Once potential victims are identified, the attackers use a pair of executables to run the attack — an implant and a scraper for getting the card numbers. The approach ensures that if the initial stage of an attack fails, the core malware itself is not compromised, Clay says.

The method of attack indicates that the operators of MajikPOS have taken active precautions to mitigate the possibility of their malware being screened for and detected. This suggests that the operators of MajikPOS are also the authors the malware, Clay says.

Source: http://www.darkreading.com/attacks-breaches/new-magikpos-malware-targets-point-of-sale-systems-in-us-and-canada-/d/d-id/1328434?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Scruffy Beard 2 on Tuesday March 21 2017, @02:03AM

    by Scruffy Beard 2 (6030) on Tuesday March 21 2017, @02:03AM (#481922)

    We have had Smart cards [wikipedia.org] in Canada for about a decade now.

    However, if you are using tap to pay [interac.ca], you are not prompted for a PIN every time. I asked my bank to disable that. Not sure they actually did though. Presumably the card would still have the circuitry active.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2