As if retail and restaurants didn’t already have enough problems, a new, advanced point-of-sale (PoS) malware is taking aim at businesses across North America and Canada.
MajikPOS, spotted in the wild by Trend Micro, is designed to steal information, but it adds its own special sauce.
“While other PoS malware FastPOS (its updated version), Gorynych and ModPOS also feature multiple components with entirely different functions like keylogging, MajikPOS’s modular tack is different,” the firm said in an analysis. “MajikPOS needs only another component from the server to conduct its RAM scraping routine.”
Trend Micro estimated that so far, the bug has stolen 23,400 stolen credit card tracks, which are being sold on the underground for $9 to $39 each, depending on the type of card. They can also be bought in bulk packages of 25, 50 and 100, priced at $250, $400 and $700, respectively.
The perpetrators are gaining access to victim machines using poorly secured Virtual Network Computing (VNC) and Remote Desktop Protocol (RDP) connections that have easy-to-guess username and password combinations; and RATs previously installed in the system. Trend Micro said the attacks have been around since the end of January.
MajikPOS may scrape data, but it’s operators use a combination of PoS malware and remote access trojans (RATs) to attack their targets. It’s a reflection of the increasing complexity that “bad guys are predicted to employ in their malware to neuter traditional defenses,” said Trend Micro.
"Stolen credentials are the currency of the black market, and this is one way to get them. Malware, RATs, hacks, or breaches - no matter what form the attack takes, it’s almost always about getting useful, valid consumer data for future crimes,” Robert Capps, vice president of business Development, NuData Security, told Infosecurity. “MajikPOS is the latest of more complex and sophisticated attacks that are targeting specific credit card information.”
He added, "Given the ubiquity of consumer data available to online crooks, merchants can no longer assume that it is the true user when valid credentials are presented. The onus is on the service providers and merchants to ensure that they are using adequate security at the infection point but also using controls and multi-layered solutions to truly identify the legitimate user at consumer touchpoints to negate the potential impacts when stolen data is used to transact."