A Malware known as ‘Nemanja’ Compromises nearly 1500 POS Devices Worldwide

SCMagazine.com reported on 22nd May, 2014 stating that a recently discovered malware namely 'Nemanja' compromised nearly half a million payment cards used in hotels, grocery stores and other business throughout the world including U.S. and also infected around 1,500 point-of-sale (POS) devices.

Cyber intelligence company IntelCrawler discovered the massive worldwide Nemanja botnet in March 2014 which included more than 1,478 hosts in more than 35 countries across the world including the U.S., UK, Canada, Australia, China, Japan, Israel and Italy along with other developing countries.

The malware had the potentiality to gather credit card details in addition to keylogging ability to seize credentials gaining access to other machines and databases which enclosed payment or personal information related to one's identity.

SCMagazine.com reported on 22nd May, 2014 quoting Andrew Komarov, CEO of IntelCrawler as saying "The botnet is the work of a single group of cyber crooks supposed to be based at Serbia." He added that New York, California, Washington and Colorado in U.S. have been high priority target.

Komarov said that it is one of those cases where a group of hackers developed their own malware with clear commercial scheme to attack their targets but Nemanja does not seem to be up for sale. He added that they seize credit cards from infected POS devices and then resell the data on black market through their own shops and partners.

Komarov noted that if all stolen data was sold on prevailing black market rates then millions of dollars could have been made in this scheme which involves creating fraudulent payment cards and laundering money via registered POS and mobile POS devices.

IntelCrawler forecasts that POS malware will very soon be included in tainted RATs [Remote Access Tools] as modules or other programs of Trojan and shall be used with other components, such as keylogging or sniffing of network traffic.

Security vendor Trustwave recently reported that the data breaches probed by them in 2013, led to the scintillating finding that one in every three breaches involved hijacked PoS terminals. Verizon in April 2014 released a separate study based on bigger data breach caseload revealing intrusions of PoS in 14% of definite data breaches.

» SPAMfighter News - 6/2/2014