Retailer point-of-sale systems may be at risk of malware that steals credit card data.
Israel-based security firm Seculert has identified a strain of malware, dubbed Dexter, which it asserts has infected hundreds of point-of-sale (POS) systems across 40 countries in the past two to three months. English-speaking countries appear to be a prime target, with 30 percent of infections in the U.S., 19 percent in the U.K., and 9 percent in Canada.
Rather than targeting thousands of individual machines through traditional Trojans or phishing emails, the custom-made malware targets specific POS systems. The malware injects itself into the file iexplore.exe on Windows servers before hijacking process lists, stays active by rewriting its registry key, and then scrapes sensitive credit card data from the server, which it transfers out through a remote command and control (C&C) system.
Once data is found and transferred, the cyberattackers are able to use this information to clone credit cards that have been used in the system, which could belong to any retailer, from a store to a hotel to a restaurant.
What is unclear is how exactly the malware is entering the systems in the first place, Seculert said in its blog post. The company did not name specific businesses that have been attacked.
Seculert noted that more than 50 percent of the targeted POS systems use Windows XP and another 30 percent run a version of Windows Server. The operating systems infected so far are labeled below:
According to SpiderLabs, a team of ethical hackers working for security-software analysis firm Trustwave, Dexter is unusual. SpiderLabs blogger Josh Grunzweig noted: "I can't remember the last time I saw a piece of malware that targeted Point of Sale systems that had a nice C&C structure to it."