Cybersecurity researchers have spotted two strains of point-of-sale (POS) malware that are active in the wild and stealing people’s credit card information.
So far, they’ve stolen more than $3.3 million worth of payment data, but given that the strains are active, that number is probably even higher by now.
Cybersecurity researchers Nikolay Shelekhov and Said Khamchiev from Group-IB discovered the strains – called MajikPOS and Treasure Hunter – earlier this year, when they found their command & control (C2) servers. Through the server, they were able to deduce that the malware operators – whose identities are unknown at the time – stole payment information from tens of thousands of credit card holders.
Tens of thousands of stolen credit cards
Between February 2021 and September 2022, they were able to obtain the details of more than 167,000 credit cards. The researchers claim this information could be worth more than $3.3 million on the black market.
Pretty much all of the data stolen belongs to US-based credit card holders. It took the researchers a month to analyze some 77,000 card dumps from the MajikPOS panel, and some 90,000 from the Treasure Hunter panel, after which they deduced that 97% of the cards from MajikPOS, and 96% from Treasure Hunter, were issued by US banks. The rest were issued by banks all around the world.
Law enforcement has been notified, the researchers added.
To infect POS endpoints, threat actors would first scan networks for open, or improperly secured virtual network computing (VNC) and remote desktop protocol (RDP) services. They would access (or brute-force their way into) the systems, and install the malware. After that, the malware would scan the devices and exploit them in the moment when they read and store credit card data.
To protect from such attacks businesses should make sure their POS systems are protected with a strong password, are regularly updated with the newest software, and are hidden behind firewalls and other cybersecurity solutions (opens in new tab).
Via: The Register (opens in new tab)
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba