A new botnet from Russia – vSkimmer – has been discovered from underground malware forums, developed to steal payment related data.
This new cyber threat targeting the payments industry was revealed and reported by McAfee, reported to originate from Russia.
One of McAfee’s security experts, Chintan Shah, wrote on the security company’s blog that whilst monitoring “Russian underground” forums he found messages about a Trojan for sale that can steal credit card information from computers running the Windows Operating System.
Furthermore, the vSkimmer malware agent has the ability to detect card readers on the device it is running on, collect all the necessary information from the device and and send it to a remote server.
Apart from collecting the Machine GUID from the Registry, Locale info, Username, Hostname and OS version, vSkimmer also collects what is called Track 2 data, the data stored on the magnetic strip of credit cards. This data includes the card number, CVV code and expiration date.
What also makes vSkimmer dangerous for the payments industry is that it is relatively undetectable on the device it has been installed on. It operates by waiting for a named USB device that reads cards to be attached to the infected device and once it detects it it starts collecting the necessary data.
