In the past few months, malware developers have focused more on proliferating and upgrading
malware to target Point-of-Sale (POS) machines. Due to the lack of concern and security measures,
point-of-sale (POS) systems have become an attractive target for
cybercriminals and malware writers.
BlackPOS malware caused massive data breaches at various US retailers by targeting
POS machines. The largest was the TARGET data breach, which occurred during
the last Christmas holidays at the third-largest U.S. retailer: over 40 million
credit and debit cards, used to pay for purchases at its 1500 stores
nationwide in the U.S., were stolen.
Neiman Marcus and Michaels Store were also targeted, involving the heist of
possibly 110 million credit and debit cards and personal information.
BlackPOS malware was embedded in point-of-sale (POS) equipment at the
checkout counters to collect secure data as the credit cards were swiped
during transactions.
Now the latest one is the 'Nemanja botnet', a recently discovered
piece of malware that has infected almost 1,500 point-of-sale (POS)
terminals, accounting systems and other retail back-office platforms
at businesses across the world.
"The bad actors combine several attack vectors in order to infect
operators' stations – 'drive-by-download' and remote administration
channels hacking," researchers said.
This massive, global botnet campaign was unearthed by security
researchers at the cybercrime intelligence firm IntelCrawler. The botnet
includes more than 1,478 hosts in almost 35 countries worldwide,
including the U.S., UK, Canada, Australia, China, Japan, Israel and
Italy, as well as other developing countries.
“The analyzed botnet has affected various small businesses and
grocery stores in different parts of the world, making the problem of
retailers’ insecurity more visible after past breaches. Past incidents
showed high attention from modern cybercriminality to retailers and
small business segments having Point-of-Sale terminals,” IntelCrawler explained in a blog post.
IntelCrawler is the company that most actively investigates
electronic crimes related to Point-of-Sale (POS) systems.
It is also the firm that discovered the BlackPOS malware
used in the Target data breach, and it had also traced the author of the
BlackPOS malware at the beginning of the year.
The Nemanja botnet was discovered by the cyber intelligence company in
March. It includes POS malware with keylogging capabilities, a feature
widely used by cybercriminals to steal sensitive information such
as usernames and passwords. In this case, attackers used this feature
to steal payment or personally identifiable data from various bank office
systems and databases.
"IntelCrawler predicts that very soon modern POS malware will become a
part of RAT/Trojans and other harmful software acting as a module,
which may be used along with keylogger and network sniffing malware," IntelCrawler explained.
IntelCrawler predicts a significant increase in the number of data
breaches in the future, and that in the coming days modern PoS malware will
be incorporated as modules into malicious remote access tools (RATs) or
other Trojan programs and will be used along with other components, like
those for keylogging or network traffic sniffing.
Point-of-sale (POS) systems are critical components in any retail
environment, and users are not aware of the emerging threats they pose in
the near future. To overcome the upcoming threats, we should know their
architecture, the areas of attack and the defense measures. For this,
you can refer to the book 'Hacking Point of Sale: Payment Application
Secrets, Threats, and Solutions' for in-depth research on
point-of-sale (POS) systems: how they work, how they could be exploited,
and what protection measures should be taken.