Researchers uncover months-old POS malware botnet
Posted on 31.01.2014
With the Target and Neiman Marcus breaches all over the news in the last few weeks, malware that collects card data directly from Point-of-Sale devices has received renewed interest.

The PoS malware used in the former has been identified as a modified version of the BlackPOS malware, but other, similar malware is currently in use.

RSA researchers have recently discovered the entire server infrastructure used in a global PoS malware operation that targets retailers in the US, Russia, Canada and Australia, and have managed to access part of it.

The malware in question is the ChewBacca Trojan, which is capable of logging keystrokes and scraping the memory of PoS systems for the card magnetic stripe data they contain.

"RSA observed that communication is handled through the TOR network, concealing the real IP address of the Command and Control server(s), encrypting traffic, and avoiding network-level detection," they noted. "The server address uses the pseudo-TLD '.onion' that is not resolvable outside of a TOR network and requires a TOR proxy app which is installed by the bot on the infected machine."

The botnet in question began its work in late October 2013, and it seems to be operated by an individual from a country in Eastern Europe.

"The ChewBacca Trojan appears to be a simple piece of malware that, despite its lack of sophistication and defense mechanisms, succeeded in stealing payment card information from several dozen retailers around the world in a little more than two months," the researchers noted.

"Retailers have a few choices against these attackers. They can increase staffing levels and develop leading-edge capabilities to detect and stop attackers (comprehensive monitoring and incident response), or they can encrypt or tokenize data at the point of capture and ensure that it is not in plaintext view on their networks, thereby shifting the risk and burden of protection to the card issuers and their payment processors."

