Trend Micro Discovers New MalumPoS POS Malware

Softpedia.com published news on 8th June, 2015 quoting security firm Trend Micro as saying "Cybercriminals created a new malware for point-of-sale dubbed MalumPoS which can be set up to collect data card from multiple payment processing systems making it one of the most flexible threats in its category."

The new malware (MalumPoS) piece is presently focused at PoS (point-of-sale) systems powered by Oracle MICROS which is a platform mostly found at hospitality and retail businesses.

While the security vendor did not disclose how the malware reaches processing machines, it says that MalumPoS which is written in Delphi can monitor running processes and scratch the memory content of tainted processes and RAM. The malware can embezzle stored data like names along with account numbers of cardholder as and when his/her credit card is swiped in an infected machine.

MalumPoS is planned in such a way that it can be configured which means that cyber crooks can modify or add other processes of POS system, targets and regions to be scraped. For instance, MalumPoS could be configured to comprise Radiant or NCR Counterpoint PoS systems to its targeted list making a broader ground of retailers more vulnerable.

As and when the malware is installed in a system, it conceals itself as "the Nvidia Display Driver" and is sometimes fashioned as the "Nvidia Display Driv3r". Nvidia normally does not play an significant role in POS systems but the familiarity of the branding and a driver which is an important part in systems employed to make sure that outer function correctly could place minds of victim at relieve by appearing genuine to an average user.

Rdasrv said that research by the security firm shows that MalumPoS shares similarities with a threat of the same kind.

One common thing besides using the same regular expression is lack of capabilities of data exfiltration suggesting that the information is collected with the help of a different piece of malware. But, a clear relation between the two cannot be highlighted.

Several potential victims are located in the United States.

Computerworld.com published a report on 8th June, 2015 quoting Trend Micro as saying "Unfortunately, numbers of memory-scraping PoS malware programs have grown over the past many years; they seem to be the weapon of choice for cybercriminals looking to steal data of payment card."

» SPAMfighter News - 6/16/2015