A new type of malware has been discovered which actively targets point of sale devices. This is bad news for retailers and other locations where card payments occur on a regular basis. MagikPOS is mainly targeting devices in the US and Canada for now, but that does not mean it won’t make an appearance on the international scene in the coming months.
MagikPOS Malware Is A Very Serious Threat
Trend Micro security researchers announced the discovery of MagikPOS on their blog earlier this week. This point of sale malware is used to attack businesses across the US and Canada. According to the researchers, this malware has been around since January of this year, and over 23,000 credit cards have had their information exposed to criminals in the process. It is believed this malware will continue to make the rounds in North America, although an international expansion is not unlikely either.
This particular type of malware has researchers concerned, even though it is not exactly unique. Several similar types of malware have been discovered in recent months, all of which attempt to steal credit card data from point of sale devices. The big difference is how MagikPOS is deployed. All victims of this malware are mapped out in advance, indicating the criminals behind MagikPOS carefully select their targets before making a move.
Interestingly enough, the MagikPOS malware is not distributed through physical access to the point of sale devices in question. Instead, the developers deploy it after they have successfully infiltrated computer systems with a remote access trojan. So far, all of the victims had such a RAT compromise their systems between August and November of 2016. Each of these remote access trojans helps the criminals determine whether or not their chosen target is worth exploiting further.
Assuming the victim is a valuable target, the criminals then use a mix of different tools to get MagikPOS onto the computer systems. So far, they have used a combination of remote desktop connections and FTP tools to install the malware itself. Finding a system that can be exploited without compromising the payload is the number one objective, although that is easier said than done. So far, this approach seems to be paying dividends, with over 23,000 credit cards having had their information extracted by this malware.
To be more specific, the malware extracts track data from every individual payment card it can access. This information includes the PIN code, allowing the criminals to sell this information on the darknet as so-called “credit card dumps”. Researchers believe all major card issuers are vulnerable to this malware, including American Express and Diners Club. This type of information can fetch a good price on the darknet, especially when it contains all of the necessary information to make a clone of the original credit card.
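POS RAM scrapers like the one described above look for magnetic-stripe track data in memory, so a useful defensive check is to scan memory dumps, staged files or outbound transfers for the same Track 2 layout and alert on it. The following detector is an added example, not code from the article or from Trend Micro; the sample buffer is constructed, uses a well-known Luhn-valid test PAN, and the scanner reports only masked PANs so that the alert itself never carries card data.

```python
import re
from dataclasses import dataclass
from typing import List

# Track 2 layout (ISO/IEC 7813): ';' start sentinel, PAN of up to 19 digits,
# '=' field separator, YYMM expiry, 3-digit service code, discretionary data,
# '?' end sentinel. Only the PAN is validated; the rest is carried for context.
TRACK2_RE = re.compile(
    rb";(?P<pan>\d{13,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?"
)


def luhn_ok(pan: str) -> bool:
    """Luhn checksum: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Track2Hit:
    offset: int         # byte offset of the start sentinel in the scanned buffer
    masked_pan: str     # all but the last four digits replaced by '*'
    expiry: str         # YYMM
    service_code: str   # 3 digits


def find_track2(data: bytes) -> List[Track2Hit]:
    """Return Luhn-valid Track 2 records found in a raw byte buffer."""
    hits = []
    for m in TRACK2_RE.finditer(data):
        pan = m.group("pan").decode()
        if not luhn_ok(pan):
            continue  # digit run that merely looks like a PAN; drop it to cut noise
        hits.append(Track2Hit(
            offset=m.start(),
            masked_pan="*" * (len(pan) - 4) + pan[-4:],
            expiry=m.group("exp").decode(),
            service_code=m.group("svc").decode(),
        ))
    return hits


# Constructed sample: one valid record, one Luhn-invalid decoy, surrounding noise.
SAMPLE = (
    b"\x00\x00POS-TERMINAL-01 sale ok\x00"
    b";4111111111111111=2512101123456789?"
    b"\x00\x00noise;4111111111111112=2512101?more"
    b"\x00total=19.99"
)

if __name__ == "__main__":
    for hit in find_track2(SAMPLE):
        print(f"offset={hit.offset} pan={hit.masked_pan} "
              f"exp={hit.expiry} svc={hit.service_code}")
```

Run it over a process memory dump or a captured FTP upload with `find_track2(open(path, "rb").read())`; a hit in a process that has no business holding cleartext track data, or in a file leaving the network, is the signal worth investigating.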
For the time being, it remains unclear who might be responsible for creating the MagikPOS malware. Considering how it is written in the .NET programming language – which is extremely rare among malware authors – it is likely researchers have never dealt with this adversary before. However, this does not mean the coders created a bug-free solution either. Further research is needed to determine whether or not a solution can be found to counter this malware altogether.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.