Analysts believe that recent point-of-sale (POS) malware attacks targeting more than 100 terminals in Brazil were the handiwork of a single person – who managed to steal more than 22,000 unique credit cards numbers in a little over a month.
The malware dispatched, “FighterPOS,” was also standout because, in addition to collecting credit card track 1, track 2 and CVV codes and featuring RAM scraping functionality, it allowed threat actors to launch distributed denial-of-service (DDoS) attacks against targets.
According to Trend Micro, which detailed the operation in a Monday blog post, FighterPOS appeared to be a modified version of older malware called, vnLoader, with features malware auto-update functions, file download and execution, and transfers credit card and keylogged data from infected hosts to criminals. Researchers also believed that FighterPOS was constructed from older malware since samples of the threat were written in Visual Basic 6, programming language “considered outdated and antiquated,” though still functional with fully patched systems, the blog post explained.
Between late February and early April, 113 terminals running Linx MicroVix or Linx POS systems were infected with FighterPOS. More than 95 percent of the malware attacks were in Brazil, but a very small number were detected in the U.S., UK, Mexico and Italy.
According to Jon Clay, senior manager of global threat communications at Trend Micro, who spoke to SCMagazine.com in a Monday interview, other attackers will certainly want to take advantage of the new POS malware &ndash and my now have the opportunity to do so.
Clay pointed out that the sole perpetrator of the attacks in Brazil was actively selling the FighterPOS control panel and malware code for 18 bitcoins, worth around $5,250 – not an outlandish sum considering the potential payout for fraudsters. Furthermore, its suite of malicious capabilities may make it more appealing to buyers.
This article has been extracted from http://www.scmagazine.com, please click on this link to read the article in full http://www.scmagazine.com/recent-pos-malware-attacks-in-brazil-may-be-work-of-sole-perpetrator/article/408795/
Montash is a multi-award winning, global IT recruitment business. Specialising in permanent and contract positions across mid-senior appointments which cover a wide range of industry sectors and IT functions, including:
ERP, BI & Data, Information Security, IT Architecture & Strategy, Scientific Technologies, Demand IT and Business Engagement, Digital and E-commerce, Infrastructure and Service Delivery, Project and Programme Delivery.
With offices based in London, Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid-management in permanent and contract roles.