A new type of custom-made malware, installed remotely to steal credit card information directly from point-of-sale (PoS) terminals at retail stores, hotels and private parking providers, has been uncovered by researchers from Internet security firm Seculert.
The malware, called “Dexter”, has infected hundreds of businesses over the past two to three months. According to the researchers at Seculert, cybercriminals are targeting larger systems, from which the malware can capture a substantial amount of data, rather than aiming for individual transactions.
Dexter steals the process list from the infected machine and parses memory dumps of specific PoS software-related processes, looking for Track 1 or Track 2 credit card data. This data will most likely be used by cybercriminals to clone credit cards that were used in the targeted PoS system, Seculert said.
The malware's name was taken from a string of code found in one of the malware’s files.
“Instead of going through the trouble of infecting tens of thousands of consumer PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few PoS systems with specially crafted malware. Dexter is one example of such malware,” Seculert said in a blog post.
While security experts are not sure how the cybercriminals were targeting PoS systems, they claimed to have noticed that almost a third of targets were using Windows servers and that the stolen information was uploaded to a server hosted in the African nation of Seychelles.
The attacks are not limited to any geographical region, as “PoS systems have been identified to date as having been targeted in 40 different countries across the globe”. However, it is unclear how many unknown infections are out there.
According to Seculert, 42 percent of the infections, the largest share, were reported in North America, 30 percent of this in the US. The UK saw 19 percent and Canada 9 percent.
Thus far, hundreds of systems have had data stolen in the past few weeks, according to IDG News Service.
Seculert was, however, reluctant to name the affected businesses that fell victim to the infections.
“We cannot comment on specific victims of the attack,” said Aviv Raff, CTO at Seculert, reported Dark Reading. “I can say that there are different retailers that were part of the victim list.”
Some security experts observe that the intention of stealing massive amounts of credit card information is to clone cards.
Cybercrime has been a cause of worry worldwide, and 2012 has seen hundreds of retailers targeted. In October, it was reported that PIN pad tampering affected 63 Barnes and Noble stores, although security experts were unclear on the kind of malware involved.
In Africa, cybercrime is reportedly escalating faster than anywhere else in the world, according to the Cyber Security Africa team.
“Some 8,000 incidents were recorded in Africa, more than 4,000 on fraud, 2,000 phishing attacks on banks. We have also seen data breaches on some organizations in Africa,” said Cyber Security operations manager Luke Mulunda.
Last year alone, Kenya lost KSh3 billion (US$35 million) to cybercrime, 0.05 percent of GDP. South Africa lost 0.01 percent of GDP to cybercrime, while in the United States the loss was 0.02 of total GDP.
Mulunda argued that the rise in security issues in Africa’s cyberspace can be blamed on device users' lack of information about the gadgets that connect to the Net.