12-05-2013 11:13 AM
Watch your credit or debit card carefully this holiday season.
New attack campaigns have infected point-of-sale (PoS) systems around the world with sophisticated malware designed to steal payment card and transaction data.
Researchers from security firm Arbor Networks found two servers that were used to collect data stolen from PoS systems by variants of the Dexter malware and a similar threat called Project Hook.
Dexter and Project Hook are designed to steal Track 1 and Track 2 information written on the magnetic stripes of payment cards when transactions are processed on the infected PoS terminals. Attackers can use this information to clone the cards.
The servers found by Arbor Networks were active at the beginning of November and the data found on them suggests that the Dexter campaign mainly infected systems in Eastern Hemisphere countries. The Project Hook malware infected PoS systems mostly in the U.S. and Europe.
The Arbor Networks researchers identified three separate versions of the Dexter malware, dubbed Stardust, Millenium, and Revelation. The first version of Dexter was found in November 2012 by researchers from Israeli security firm Seculert.
The source code for Dexter version 1.0 was leaked, which resulted in increased interest from cybercriminals in PoS malware, according to researchers from IntelCrawler, a Los Angeles-based security intelligence startup firm.
IntelCrawler recently identified a botnet of 31 PoS terminals from restaurants and well-known stores in seven major U.S. cities that were infected with a Stardust variant, said Andrey Komarov, IntelCrawler’s CEO, via email.