Cybersecurity researchers have discovered two strains of POS (POSMalware that runs in the wild and steals people’s credit card information.
So far, they have stolen more than $3.3 million in payment data, but given that the strains are active, that number is likely higher now.
Cybersecurity researchers Nikolai Shelekhov and Saeed Khamechev of Group-IB discovered the strains – called MajikPOS and Treasure Hunter – earlier this year, when they stumbled upon Command and Control (C2) servers. Through the server, they were able to conclude that a file Malware The operators – whose identities were unknown at the time – stole payment information from tens of thousands of credit card holders.
Tens of thousands of stolen credit cards
Between February 2021 and September 2022, they were able to obtain details of more than 167,000 credit cards. Researchers claim that this information could be worth more than $3.3 million on the black market.
All stolen data largely belong to credit card holders in the United States. The researchers took a month to analyze about 77,000 dump cards from the MajikPOS board, and about 90,000 from the Treasure Hunter board, after which they concluded that 97% of the cards from the MajikPOS, and 96% from the Treasure Hunter, were issued by US banks. The rest were issued by banks around the world.
Investigators added that law enforcement authorities have been notified.
To infect POS endpoints, attackers first scan networks for open or improperly secured virtual network computing (VNC) and remote desktop Protocol Services (RDP). They will get into (or make their way into) systems, and install malware. Then, the malware will scan and exploit devices at the moment when credit card data is being read and stored.
To guard against such attacks, companies must ensure that their POS systems are protected with a strong password, regularly updated with the latest software, hidden behind firewalls and more. Cyber Security Solutions (Opens in a new tab).
Across: record (Opens in a new tab)