Virtual Threat Contributing Writer
As the Christmas season and holiday shopping hit full swing, cyber criminals are using sophisticated attacks to steal your money and credit card data. The latest scheme infects cash register machines with a malicious piece of software called Dexter malware.
Seculert, an Israeli security firm, has identified a growing trend where criminals are targeting point-of-sale (POS) systems using malicious software designed to steal credit card data. The latest attacks are using a new strain of malware that the security firm has called “Dexter”.
Christmas is always a ripe season for criminals to hatch new schemes to steal your hard-earned money. Typically we see hackers using widespread attacks that target large numbers of consumer PCs in order to steal data. This type of attack takes a lot of time to implement and relies on the hackers infecting thousands of computers. This year criminals are using more sophisticated methods to target a smaller number of POS systems, which perform thousands of credit card transactions each day.
According to Seculert, the Dexter malware has already been used to infect hundreds of POS systems in retail stores, restaurants, hotels and several private parking garages. Once the malware is installed on a point-of-sale system, it connects to a central command and control (C&C) computer and transfers encoded consumer credit card data to the cyber criminals. The hackers then use the stolen data to create “cloned” credit cards that they can use to withdraw the money.
According to SpiderLabs, a team of ethical hackers, Dexter is a very unusual piece of malware. Josh Grunzweig, a SpiderLabs blogger, was quoted as saying: “I can’t remember the last time I saw a piece of malware that targeted Point of Sale systems that had a nice C&C structure to it.”
Here is what the Dexter malware does in a nutshell:
- Injects itself into iexplore.exe
- Ensures the iexplore.exe process restarts in the event that it is manually stopped
- Ensures persistence via writes to the ‘Run’ registry key
- Scrapes track data through a very common method
- Has a command and control structure with a remote host
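
For defenders, the behaviours in this list translate into host checks. The following Python is an added example, not code from this article or from the Seculert or SpiderLabs analyses; it triages an inventory snapshot of a POS terminal for Run-key persistence, a running or respawning iexplore.exe, and browser connections to unlisted hosts. The snapshot format, field names, allowlist and respawn window are assumptions, and all sample data is constructed.

```python
from ntpath import basename, normpath

# Constructed snapshot of one POS terminal; every name and address is made up.
SNAPSHOT = {
    "run_keys": [  # values read from the HKLM/HKCU 'Run' registry keys
        {"name": "PosClient", "command": r"C:\Program Files\PosVendor\pos.exe"},
        {"name": "Updater", "command": r"C:\Users\cashier\AppData\Roaming\upd\upd.exe"},
    ],
    "process_starts": [  # (seconds since boot, image path)
        (30, r"C:\Program Files\PosVendor\pos.exe"),
        (95, r"C:\Program Files\Internet Explorer\iexplore.exe"),
        (410, r"C:\Program Files\Internet Explorer\iexplore.exe"),
        (415, r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ],
    "connections": [  # (image name, remote address)
        ("pos.exe", "10.20.0.5"),
        ("iexplore.exe", "203.0.113.77"),
    ],
}
ALLOWED_REMOTES = {"10.20.0.5"}  # assumption: the payment gateway is the only peer
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\temp\\")


def triage(snapshot, allowed_remotes=ALLOWED_REMOTES, respawn_window=60):
    """Return (finding, detail) tuples for the behaviours listed above."""
    findings = []
    # Persistence: a Run value that launches a binary from a user-writable path.
    for entry in snapshot["run_keys"]:
        path = normpath(entry["command"].strip('"')).lower()
        if any(marker in path for marker in USER_WRITABLE):
            findings.append(("run-key-user-writable", entry["name"]))
    # Injection host: a dedicated POS terminal has no reason to run a browser.
    ie_starts = sorted(t for t, image in snapshot["process_starts"]
                       if basename(image).lower() == "iexplore.exe")
    if ie_starts:
        findings.append(("browser-on-pos", f"{len(ie_starts)} starts"))
    # Restart behaviour (heuristic): starts close together suggest a relauncher.
    if any(b - a <= respawn_window for a, b in zip(ie_starts, ie_starts[1:])):
        findings.append(("browser-respawn", "iexplore.exe"))
    # C&C: the browser process talking to a host outside the allowlist.
    for image, remote in snapshot["connections"]:
        if image.lower() == "iexplore.exe" and remote not in allowed_remotes:
            findings.append(("browser-unlisted-remote", remote))
    return findings


if __name__ == "__main__":
    for finding in triage(SNAPSHOT):
        print(finding)
```
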
Seculert noted that more than 50 percent of the targeted POS systems use Windows XP and another 30 percent run a version of Windows Server. However, most current versions of the Windows operating system have proven to be vulnerable to the malware.
Analysts at Seculert have yet to uncover how the POS systems are being targeted and infiltrated by the Dexter malware, but the company claims that Dexter has already spread to over 40 countries around the world.
My advice? When you plan to do your holiday shopping this season, hit the ATM, or better yet see the teller, at your bank to withdraw enough money to complete your shopping for the day. Nothing beats the feeling of knowing that you have cash in your pocket when you walk up to the register. It is such a simple step that can save you a lot of headaches. This sure beats just blindly reaching for your debit or credit card at each store you visit, and then finding out later that your credit card data has been stolen and your accounts have been drained.
Use a little common sense and keep your accounts, and your money, safe from cyber criminals that are looking to rip you off this holiday season.
You can read a detailed analysis of the Dexter malware performed by the guys over at SpiderLabs by clicking on the link below: