PoSeidon Malware Charts a Course For PoS Data


Security researchers have discovered a major new piece of point-of-sale (PoS) malware designed to steal credit and debit card data from retailers’ PoS systems.

The aptly named PoSeidon malware family starts with a loader binary that installs itself on the target system so that it survives a reboot, and then contacts a .ru C&C server, Cisco claimed in a blog post.

The URL it retrieves from that server apparently contains another binary, FindStr, which will install a keylogger on the PoS device and scan it for number sequences that could be card numbers.

Once those numbers have been checked and verified by the Luhn algorithm, they are encoded along with keystroke data and sent to an exfiltration server, the blog continued.
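The scan-then-Luhn-verify step described above is the same check a defender can turn around: a data-loss-prevention or egress-monitoring rule that flags outbound payloads or logs containing Luhn-valid digit runs of card-number length, while ignoring phone numbers and order IDs. The following is an added example, not code from Cisco or from the article; the sample text is constructed and uses published test card numbers, and the 13 to 19 digit length window is an assumption based on common PAN lengths.

```python
import re

# Constructed sample standing in for an outbound payload or a log line.
# The 16-digit values are well-known published test numbers, not real accounts.
SAMPLE_TEXT = """
order=1234 pan=4111111111111111 exp=1225
note: 4111111111111112 is not a valid card number
phone=5551234567 ref=5500000000000004
"""

# Candidate runs: 13 to 19 digits not adjacent to other digits (assumed PAN lengths).
CANDIDATE_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    if not digits.isdigit() or len(digits) < 2:
        return False
    total = 0
    # Walk from the rightmost digit; double every second digit.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9  # same as summing the two digits of the product
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return digit runs of card-number length that pass Luhn, in order found."""
    return [m.group(0) for m in CANDIDATE_RE.finditer(text)
            if luhn_valid(m.group(0))]


def mask(pan: str) -> str:
    """Mask a PAN for alerting: keep first six and last four digits only."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


if __name__ == "__main__":
    hits = find_card_numbers(SAMPLE_TEXT)
    for pan in hits:
        print("possible card data in outbound text:", mask(pan))
```

The Luhn filter is what separates a useful alert from noise: the phone number is rejected by length, and the 4111111111111112 value, which differs from a valid test number only in its check digit, is rejected by the checksum. Alerts should carry only the masked form so the detection pipeline does not itself become a store of card data.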

Some reports are claiming that PoSeidon shares some of the same capabilities as the infamous Zeus banking trojan, although Cisco made no mention of it in the post. It concluded:

“Attackers will continue to target PoS systems and employ various obfuscation techniques in an attempt to avoid detection. As long as PoS attacks continue to provide returns, attackers will continue to invest in innovation and development of new malware families. Network administrators will need to remain vigilant and adhere to industry best practices to ensure coverage and protection against advancing malware threats.”

PoS malware has been a constant thorn in the side of US cybersecurity teams of late.

Up until now, the BackOff family was thought to be among the most prolific and sophisticated, having hit big-name brands including Dairy Queen and UPS.

Part of the problem for US firms lies with the fact that the country is still dragging its heels over migration to EMV, or chip and PIN technology, which was designed in part to reduce card fraud.

Chip and PIN data is more difficult to steal and make sense of, but adoption has been extremely low in the States thus far.

That’s set to change in October this year, however, when the so-called “liability shift” comes into force.

This will mean any firm still using magstripe technology after the deadline will be liable for costs resulting from any payment fraud or breach that might occur on their systems.
