vSkimmer Trojan Going After Point-Of-Sale Systems


New malware called vSkimmer has surfaced on a Russian hacker forum, and its owner says it can be used to detect credit card readers and steal data from the Windows systems that support them.

Security firm McAfee said the malware sends the data to a remote command and control server. Chintan Shah, a security researcher at McAfee, said the company first detected the Trojan Jan. 18. Once installed, the Trojan is designed to detect the card reader and then scan the system supporting it, sending device and system information to the remote server.

The Trojan is also designed to be used locally in the event that the system is not connected to the Internet. The malware will wait for a USB device to connect and copy over the stolen data, Shah wrote in his analysis of the malware.


"vSkimmer can also grab the Track 2 data stored on the magnetic strip of the credit cards," Shah wrote. "This track stores all the card information including the card number."

Point-of-sale systems have been a favorite target of attackers and a common source of data breaches at smaller retailers, restaurant owners, hotel operators and other firms with limited IT staff and resources, according to Trustwave, which issued its global threat report in February.

The Chicago-based security firm said e-commerce and point-of-sale system attacks accounted for more than half of its data breach investigations. Weak passwords, poor patching and remote access management tools continue to be a boon to cybercriminals, Trustwave said. The Payment Card Industry Data Security Standard requires merchants to segment off payment systems from the rest of the network, but PCI DSS also requires additional safeguards, including encryption, to protect credit card data.

The Verizon Data Breach Investigations report, which analyzes hundreds of breaches annually for attack trends, also points out that firms often fail to monitor their network for suspicious activity.

Despite rising concerns about intellectual property theft and targeted attacks, financially motivated cybercrime aimed at draining bank accounts or stealing credit card data remains a vital operation for cybercriminals, Shah said.

"vSkimmer is another example of how financial fraud is actively evolving and how financial Trojans are developed and passed around in the underground community," Shah wrote. "This botnet is particularly interesting because it directly targets card-payment terminals running Windows."

PUBLISHED MARCH 25, 2013