“The holiday season is here and with it comes a rise in credit card use,” said Israeli security firm Seculert in its blog debuting the malicious code. “Cybercriminals know this and have been infecting consumer PCs with information-stealing trojans for years. Recently however, Seculert identified a growing trend whereby cybercriminals are targeting Point of Sale (POS) systems.”
And in that way, Dexter files is sneaky: instead of going through the trouble of infecting tens of thousands of consumer PCs or physically installing a skimmer, hackers can simply use Dexter to target high-value PoS systems.
“Dexter [whose name comes from a string found in one of the malware-related strings] is custom-made malware that has been used over the past two to three months to infect hundreds POS systems,” said Seculert. “Some of the targeted PoS systems include big-name retailers, hotels, restaurants and even private parking providers.”
Despite Dexter appearing to be a fan of all holiday traditions given its global deployment, Seculert said that 42% of Dexter-infected machines are the POS systems are located in North America. About 19% are located in the United Kingdom. However, it is targeting machines on a country-by-country basis, researchers found.
“Dexter is stealing the process list from the infected machine, while parsing memory dumps of specific PoS software-related processes, looking for Track 1 / Track 2 credit card data,” said Seculert. “This data will most likely be used by cybercriminals to clone credit cards that were used in the targeted PoS system.”
The firm said that by observing Dexter’s administration panel, it was able to identify that over 30% of the targeted systems were using Windows Servers.
“This is an unusual number for regular web-based social engineering or drive-by download infection methods,” Seculert noted.