#CyberFLASH: RawPOS Point-of-Sale Malware Checks in to Hotels and Casinos

Security researchers have shed new light on seven-year-old point-of-sale (POS) malware that is still in use today, most recently in attacks on casinos and resort hotels.

RawPOS was first spotted in a Visa Data Security alert in 2008 and has been used repeatedly with success by cyber-criminals in order to steal valuable magstripe data from victims in the United States, Canada, Europe, the Middle East, and Latin America.

Given that history, it may have been “instrumental to previous credit card breaches documented and not previously attributed to this particular PoS threat,” Trend Micro claimed in a blog post.

RawPOS features a three-stage modular design.

The first stage handles persistence: it installs the malware and ensures that its memory dumper and file scraper are launched.

The second stage contains two memory dumpers: “one generic dumper that can be called to dump a specific process, and another dumper that is designed for specific processes that target specific PoS applications.”

The generic dumper is time-sensitive: if an attacker is not able to return to the target environment a month after the binary's compile time, it stops all suspicious activity, which makes dynamic analysis of the file difficult, Trend Micro claimed.

The file scraper parses the files produced by the memory dumper, extracts the credit card data from them and encodes the result.

The modular design means attackers can tailor the threat according to target environments, Trend Micro said.
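What the file scraper looks for is cleartext magstripe track data sitting in POS process memory. As an added example (not from the article or from Trend Micro's research), the script below is the kind of check a responder can run over a process memory dump or a suspected dumper output file to confirm whether cleartext Track 1/Track 2 records are exposed, Luhn-validating the PAN to cut false positives and masking it in the report. The sample dump bytes are constructed and use the well-known Visa test PAN.

```python
import re

# Constructed sample of what a POS process memory dump looks like when cleartext
# magstripe data is present. 4111111111111111 is a public test PAN; the name,
# expiry and service code are made up. The last record has a PAN that fails Luhn.
SAMPLE_DUMP = (
    b"\x00\x00POS_APP_BUFFER\x00"
    b"%B4111111111111111^DOE/JANE^2512101123400000000?"
    b"\x00\x00;4111111111111111=25121011234000000?\x00"
    b";1234567890123456=25121011234000000?\x00"
)

# Track 1 (ISO 7813 format B): %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1 = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})[^?]*\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")


def luhn_ok(pan: bytes) -> bool:
    """True if the digit string passes the Luhn check used for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan.decode())):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: bytes) -> str:
    """Keep BIN and last four digits so a report never contains a full PAN."""
    return pan[:6].decode() + "*" * (len(pan) - 10) + pan[-4:].decode()


def find_track_data(blob: bytes) -> list:
    """Return Luhn-validated Track 1/Track 2 hits found in a memory dump."""
    hits = []
    for m in TRACK1.finditer(blob):
        if luhn_ok(m.group(1)):
            hits.append({"track": 1, "offset": m.start(), "pan": mask_pan(m.group(1)),
                         "expiry": m.group(3).decode(), "service": m.group(4).decode()})
    for m in TRACK2.finditer(blob):
        if luhn_ok(m.group(1)):
            hits.append({"track": 2, "offset": m.start(), "pan": mask_pan(m.group(1)),
                         "expiry": m.group(2).decode(), "service": m.group(3).decode()})
    return sorted(hits, key=lambda h: h["offset"])


if __name__ == "__main__":
    for hit in find_track_data(SAMPLE_DUMP):
        print(hit)
```

Run it against a real dump with `find_track_data(open(path, "rb").read())`; any hit means the POS application holds track data in cleartext that a RawPOS-style dumper could harvest.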


© 2013 CyberTRAX Canada - All Rights Reserved.