Payment Terminal Botnet Collected over 1.2 million Card Details Since April

Credit card fraud is still on the rise, despite countermeasures by card issuers and banks. As it turns out, there is a growing point-of-sale botnet in the United States, linking hacked payment terminals together. This allows hackers to monitor credit card information in real-time and abuse any information passing through these terminals.

Malware-infected Payment Terminals In The US

TheMerkle_Payment Terminal Botnet

According to KrebsOnSecurity, the point-of-sale botnet comprises of over 100 infected systems, most of which seem to be running a malicious Windows process. To make matters even worse, the control panel of this botnet lists full credit card information, including card number, address, and verification code.

It appears as if a lot of these card details are coming from CiCi’s Pizza locations across the US. Several customers have complained about fraudulent transactions with their cards after enjoying a meal at one of the local restaurants. However, this does not mean the attack is coordinated to target that particular brand alone. In fact, it is impossible to tell how many systems are infected in total, as the botnet only shows Internet-connected systems.

Moreover, KrebsOnSecurity mentioned how there were over 1.2 million unique credit and debit card numbers stored in the botnet database right now. That being said, it is possible the total number is much higher, as the botnet logs only go back to April 2016. Over 1 million payment cards at risk of being used for fraud in just ten weeks is astonishing.

Punkey seems to be powering this whole payment terminal botnet, as it is a POS malware first discovered at the end of 2015. This particular type of malware can record keystrokes on infected devices. By the look of things, the hackers resorted to social engineering to install malware on these terminals. Datapoint POS employees have been approached, and it is likely other providers are affected as well.

Infecting a payment terminal with malware is a convenient way for Internet criminals to obtain payment card information. It is impossible to tell whether or not a payment terminal can be traced by looking at it, and the malware will not interfere with its day-to-day operations either. These obtained credit card dumps, as they are called, can be quite valuable to the right buyer on underground marketplaces.

Source; KrebsOnSecurity

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.

Leave a Reply