Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Monday March 20 2017, @08:42PM   Printer-friendly
from the for-all-your-POS-theft-needs dept.

Security vendor Trend Micro Friday has warned of a new type of point-of-sale (PoS) malware that is being used to attack PoS systems belonging to businesses in the US and Canada.

The malware, which Trend Micro has dubbed MajikPOS, was first spotted infecting PoS systems the last week of January and has been used to steal data on at least 23,400 credit cards, Trend Micro said in an alert.

Trend Micro researchers describe MajikPOS as malware that is similar in purpose to other recent POS data stealing tools, such as FastPOS and ModPOS, but different from them in the manner in which it deploys.

"The attackers are mapping out victims with relatively generic tools ahead of time," says Jon Clay, Trend Micro's global threat communications manager.

[...] Once potential victims are identified, the attackers use a pair of executables to run the attack — an implant and a scraper for getting the card numbers. The approach ensures that if the initial stage of an attack fails, the core malware itself is not compromised, Clay says.

The method of attack indicates that the operators of MajikPOS have taken active precautions to mitigate the possibility of their malware being screened for and detected. This suggests that the operators of MajikPOS are also the authors the malware, Clay says.

Source: http://www.darkreading.com/attacks-breaches/new-magikpos-malware-targets-point-of-sale-systems-in-us-and-canada-/d/d-id/1328434?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Tuesday March 21 2017, @02:30PM

    by Anonymous Coward on Tuesday March 21 2017, @02:30PM (#482153)

    Not the businesses but the software abused can be deduced by hawkeyes:

    The modified version is sometimes named VNC_Server.exe or Remote.exe.
    ...
    MajikPOS is also notable with how it tries to hide by mimicking common file names in Microsoft Windows.