Feeds

Evil Dexter lurks in card reader, ready to SLASH UP your credit score

Modified malware grabs credit card details of 20,000

The Essential Guide to IT Transformation

Cybercrooks have created an improved version of the Dexter point-of-sale malware that's being blamed for slurping the credit and debit card details of holiday shoppers.

A new version of Dexter, first discovered by security researchers Seculert about a year ago, has been planted on 31 infected point-of-sale terminals, located in restaurants and famous shops in various major cities of the US, according to infosec start-up IntelCrawler.

The criminals behind the attack are using StarDust, a modified version of the earlier Dexter malware that takes features from other malware strains including BlackPOS and VSkimmer. StarDust (aka Dexter v.2) has been offered for sale on underground hacking forums since August. The new variant is capable of extracting credit card data from the RAM of compromised devices or by key-logging, as well as by capturing and exfiltrating internal network traffic, according to IntelCrawler. Data is sent via FTP to hosts based in Russia.

“Approximately 20,000 credit cards may have been compromised via this Stardust variation and evidence has been sent to the card associations to determine the points of compromise”, said Dan Clements, president of IntelCrawler.

The problem is far from confined to the US. Security researchers at Arbor Networks have been independently documenting the same threat. They note some infections in the US but a much greater number in the world's eastern hemispheres, as explained in a map and blog post here.

Point-of-sale malware is not unprecedented. One previous well known case involved the infection of 150 terminals at Subway sandwich shops. What sets the latest version of Dexter apart is its in-depth “knowledge” of the workings of PoS applications such as Clearview PoS.

It's unclear how the Dexter malware gets itself onto infected systems. Curt Wilson, a senior research analyst with Arbor Networks, does however have a few theories about how the Windows-based malware is spreading.

"The exact method of compromise is not currently known, however PoS systems suffer from the same security challenges that any other Windows-based deployment does,"Wilson writes. "Network and host-based vulnerabilities (such as default or weak credentials accessible over Remote Desktop and open wireless networks that include a PoS machine), misuse, social engineering and physical access are likely candidates for infection."

”Additionally, potential brittleness and obvious criticality of PoS systems may be a factor in the reportedly slow patch deployment process on PoS machines, which increases risk," he added. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.