A new Trojan horse is currently spreading across Indian point-of-sale (POS) machines, stealing customers' card information. The Trojan appears to have surfaced after India's central bank, the RBI, made it mandatory for debit card holders to enter their PIN every time they swipe their card for a purchase at a POS. Cyber-security researchers recently detected it and have alerted consumers to the risk.
The Trojan is referred to as "Dexter, BlackPoS, memory dump and grabber". The potent and fast-spreading Trojan can take on as many as seven different aliases when infecting a system. After bypassing the POS system's security controls, it steals the cardholder's name, account number, expiry date, CVV code and the other discretionary data carried on the card. That information can then be used for fraudulent transactions and phishing attacks against the cardholder at a later stage. Indian cyber-security experts are reporting it as one of the most potent samples they have recently seen. The malware has built-in routines that enumerate the POS-related processes on the machine and collect and parse the swiped card's data directly from those processes' memory. It also has routines that exfiltrate the data over the network without first storing it on the hard disk, so it leaves no trace on disk (the activity remains visible in memory and in network traffic, which is where detection has to look).
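The scraping routine described above works by reading the memory of POS processes and matching the magnetic-stripe track formats; the same pattern matching, run over a memory dump by a defender, shows whether unencrypted card data is sitting in process memory at all. The following is an added example written for this page, not code from the malware or from CERT-In: it picks likely POS processes out of a process list by name (the hint list is an assumption), then scans a constructed memory image for Track 1 and Track 2 records, uses the Luhn check to discard digit runs that are not card numbers, and masks the PAN before reporting it. The card numbers in the sample are standard test numbers, not real accounts.

```python
import re

# Track formats as defined in ISO/IEC 7813 (not taken from the page).
# Track 2: ';' <PAN 13-19 digits> '=' <YYMM expiry> <3-digit service code> <discretionary> '?'
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")
# Track 1 (format B): '%B' <PAN> '^' <name> '^' <YYMM> <service code> <discretionary> '?'
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^\^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")

# Hypothetical process-name hints used to pick POS processes out of a process list.
POS_PROCESS_HINTS = ("pos", "payment", "checkout")


def select_pos_processes(process_names):
    """Return the process names a scraper (or a defender) would target first."""
    return [n for n in process_names
            if any(h in n.lower() for h in POS_PROCESS_HINTS)]


def luhn_ok(pan: str) -> bool:
    """Luhn check digit test: true for real card numbers, filters most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                     # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2   # d*2-9 is the digit sum of d*2 for d >= 5
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits (PCI DSS style masking for logs)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_memory(buf: bytes):
    """Find Track 1/Track 2 records in a memory image; the PAN is masked before it is returned."""
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        hits.append({"track": 2, "offset": m.start(), "pan": mask_pan(pan),
                     "expiry": m.group(2).decode(), "luhn_valid": luhn_ok(pan)})
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode()
        hits.append({"track": 1, "offset": m.start(), "pan": mask_pan(pan),
                     "expiry": m.group(3).decode(), "luhn_valid": luhn_ok(pan)})
    return sorted(hits, key=lambda h: h["offset"])


# Constructed memory image: noise, two genuine-looking records built from standard
# test card numbers, and a decoy digit run in Track 2 layout that fails the Luhn check.
SAMPLE_MEMORY = (
    b"\x00\x00pos.exe\x00heartbeat ok\x00"
    b";4111111111111111=2512101123456789?\x00\x00"
    b"txn log checkout lane 3\x00"
    b"%B5555555555554444^DOE/JANE^25121011234567890?\x00"
    b";1234567890123456=2512101?\x00"
    b"\xff\xfe\x00"
)

if __name__ == "__main__":
    print(select_pos_processes(["explorer.exe", "pos.exe", "PaymentSvc.exe", "notepad.exe"]))
    for hit in scan_memory(SAMPLE_MEMORY):
        print(hit)
```

Feeding the bytes of a real process memory dump to `scan_memory` gives a quick answer to whether track data is exposed in clear on a given POS host; any Luhn-valid hit on a host that should never hold unencrypted track data is a finding in itself, independent of which malware family is involved.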
Meanwhile, the Indian Computer Emergency Response Team (CERT-In) has issued an advisory to the public about the attacks:
"It has been reported that malware campaigns targeting payment card processing, point-of-sale (PoS), check-out systems or equipment are on the rise. The common infection vectors for PoS system malware include phishing emails or social engineering techniques to deliver the malware, use of default or weak credentials, unauthorised access, open wireless networks, along with the method of installing malware as part of a service."
The actual impact is still not known, but the number of infected machines is rising. Merchants operating POS terminals need to take specific steps to counter the infection. All POS computers should be fully patched, including the POS application software itself. Access to POS systems should be restricted to POS-related activities only, to keep the Trojan from entering the system in the first place, and the networks on which POS systems reside should be properly segmented from non-payment networks so that an infection elsewhere cannot reach them. Other measures can also be taken to prevent malware attacks on POS terminals. POS operators should "maintain good security policy on the PoS computers (including physical access), disable autorun or autoplay, install and scan with anti-malware engines and keep them up-to-date, exercise caution while visiting links within emails received from untrusted users or unexpectedly received from trusted users, and enable firewall at desktop and gateway level."