Feeds

Evil Dexter lurks in card reader, ready to SLASH UP your credit score

Modified malware grabs credit card details of 20,000

Next gen security for virtualised datacentres

Cybercrooks have created an improved version of the Dexter point-of-sale malware that's being blamed for slurping the credit and debit card details of holiday shoppers.

A new version of Dexter, first discovered by security researchers Seculert about a year ago, has been planted on 31 infected point-of-sale terminals, located in restaurants and famous shops in various major cities of the US, according to infosec start-up IntelCrawler.

The criminals behind the attack are using StarDust, a modified version of the earlier Dexter malware that takes features from other malware strains including BlackPOS and VSkimmer. StarDust (aka Dexter v.2) has been offered for sale on underground hacking forums since August. The new variant is capable of extracting credit card data from the RAM of compromised devices or by key-logging, as well as by capturing and exfiltrating internal network traffic, according to IntelCrawler. Data is sent via FTP to hosts based in Russia.

“Approximately 20,000 credit cards may have been compromised via this Stardust variation and evidence has been sent to the card associations to determine the points of compromise”, said Dan Clements, president of IntelCrawler.

The problem is far from confined to the US. Security researchers at Arbor Networks have been independently documenting the same threat. They note some infections in the US but a much greater number in the world's eastern hemispheres, as explained in a map and blog post here.

Point-of-sale malware is not unprecedented. One previous well known case involved the infection of 150 terminals at Subway sandwich shops. What sets the latest version of Dexter apart is its in-depth “knowledge” of the workings of PoS applications such as Clearview PoS.

It's unclear how the Dexter malware gets itself onto infected systems. Curt Wilson, a senior research analyst with Arbor Networks, does however have a few theories about how the Windows-based malware is spreading.

"The exact method of compromise is not currently known, however PoS systems suffer from the same security challenges that any other Windows-based deployment does,"Wilson writes. "Network and host-based vulnerabilities (such as default or weak credentials accessible over Remote Desktop and open wireless networks that include a PoS machine), misuse, social engineering and physical access are likely candidates for infection."

”Additionally, potential brittleness and obvious criticality of PoS systems may be a factor in the reportedly slow patch deployment process on PoS machines, which increases risk," he added. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?