Several hundred POS terminals and ATMs in the United States have been infected by malware designed to steal debit and credit card data, according to security firm Group-IB.
The malware, named “Dump Memory Grabber” is written in C++ without the use of any additional libraries and is capable of collecting Track 1 and Track 2 card data (full name, account number, expiration date, etc.) from infected systems – providing fraudsters all the information they need to create physical card clones.
Upon infection, Dump Memory Grabber modifies the system registry to ensure it runs whenever the affected machine boots, lists all running processes and proceeds to search memory for sensitive payment information. The stolen data is then uploaded via FTP to a remote server believed to be controlled by Russian cybercriminals affiliated with a “big cyber-crime gang.”
The malware is said to have siphoned data associated with debit and credit cards issued by major U.S. banks like Chase, Capital One, Citibank and Union Bank of California.
Group-IB told Security Week that most of the POS terminals and ATMs appear to have been infected with the help of insiders, such as employees with physical access to the machine or authorization to update system software. Only a handful of systems running Windows XP or Windows Embedded appeared to be compromised remotely. In some cases, attackers were also able to exploit vulnerabilities in the banks’ networks to plant the malware.
Group-IB has shared its findings on Dump Memory Grabber with VISA, the affected banks and law enforcement.
[via Security Week]
Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+