Don’t let restaurants swipe your credit cards

June 12, 20150

MUMBAI, INDIA: Trend Micro has found a new malware—MalumPOS malware which has the ability to steal payment data from point-of-sale systems running the Micros platform of Oracle software.

Trend Micro threat analyst Jay Yaneza, Threat Analyst, Trend Micro, wrote in his blog post that POS RAM scrapers like MalumPOS are designed to scrape off credit card data from an infected systems’ RAM. Every time the magnetic stripe of a credit card is swiped, the malware can steal stored data such as the cardholder’s name and account number.

This data can then be ex-filtrated and used to physically clone credit cards or, in some cases, commit fraudulent transactions like online purchases.

In this case, Yaneza says that the malware’s prime target is Oracle’s Micros platform, which is currently deployed on more than 3 lakh sites worldwide. The software is widely used in the US, especially within the hospitality, food and beverage, and retail industries, putting numerous high-profile companies and their customers at risk.

He explains some key features of the malware. The malware can disguise itself in the system as the NVIDIA Display Driver and sift through POS data to locate pertinent credit card information. One of the more concerning aspects of MalumPOS is that it is configurable by design; this allows cyber criminals to easily tweak the malware to breach any POS.

It must be recalled that earlier this year, security researchers found two new families of POS malware that use a single component to seek out card data while another sends the coveted information directly to the cyber thieves.

Courtesy: www.ciol.com

Read More