PoS malware also targeting ticket vending machines and electronic kiosks

  • 26 November 2014

By Lucian Constantin, Nov 26, 2014
 
Cybercriminals are using malware designed to steal payment card information from point-of-sale systems to also infect ticket vending machines and electronic kiosks.
 
Security researchers from cybercrime intelligence firm IntelCrawler found a new malware program called d4re|dev1|—hacker spelling for daredevil—that is capable of stealing information from multiple PoS systems including QuickBooks Point of Sale Multi-Store, OSIPOS Retail Management System, Harmony WinPOS and Figure Gemini POS.
“This new strain of malware, which is hitting Mass Transit Systems, acts as an advanced backdoor with remote administration, having RAM scraping and keylogging features,” the IntelCrawler researchers said Wednesday in a blog post.
 
A bit more information on the subject.
 
by Pierluigi Paganini on November 27th, 2014
 
IntelCrawler reports that cybercriminals also compromised ticket vending machines used by mass transportation systems and electronic kiosks installed in public areas. One of the infected ticket vending machines was identified in August in Sardinia, Italy, and attackers obtained access by exploiting credentials for VNC (Virtual Network Computing).
“These kiosks and ticket machines don’t usually house large daily lots of money like ATMs, but many have insecure methods of remote administration allowing for infectious payloads and the exfiltration of payment data in an ongoing and undetected scheme,” states IntelCrawler.
In a classic attack scenario, threat actors used to compromise the targeted POS by discovering the remote administrative credentials, for example through a brute force attack.
 
By Darren Pauli, 1 Dec 2014
 
A financial malware strain has been found targeting payment systems behind transit systems and kiosks sucking up all manner of junk data, researchers say.
The malware dubbed d4re|dev1l (dare devil) has been found in kiosks at Italy's regional transport company Azienda Regionale Sarda Trasporti, as well as at undisclosed companies – including at least one Australian business running an enterprise point-of-sale terminal.
 