Monday, March 25, 2013

New malicious code attacks trade POS-terminals


The anti-virus company McAfee warned about detection of a new sample of the malicious software focused on infection of retail POS terminals for the purpose of theft of buyers given about cash cards.

 A new Trojan called vSkimmer and a Trojan-like malicious code designed to infect Windows operating system and capture payment data while shopping through POS-terminal. It is reported that vSkimmer can also work with the connected POS-terminals readers of bank cards, reading them with additional data.

In McAfee said that the first vSkimmer was detected on 13 February and is now on a number of hacker forums sellers of the code say vSkimmer exceeds the functionality previously found malware Dexter, discovered in December last year.


It is known that after infection vSkimmer receives information about the OS, version, GUID-ID, the default language, user activity in the system and a number of other details. This data is transmitted back to the command server and encrypted during transmission over http, to complicate the identification of malicious code on the system. In addition, vSkimmer can load or update a variety of modules that extend the functionality.

While working vSkimmer searches the computer's memory processes associated with the settings and scans for the presence of the RAM flows with information on bank cards and captures the so-called Track 2 data stored on the magnetic strip card (if payment is not used for PIN-code or special chip-key).

It is also interesting to note that there is vSkimmer functionality that allows it to operate in the absence of an internet connection. vSkimmer can reset the data on the USB-device, calling that USB-drive as KARTOXA007.

No comments:

Post a Comment