A threat actor has used two point-of-sale (PoS) malware variants to collect details about more than 167,000 credit cards from payment terminals. Cybercriminals use two PoS malware to steal over 167,000 credit cards.
Cybersecurity firm Group-IB, based in Singapore, claims that the owners of the stolen data dumps might make up to $3.34 million by selling them on dark web forums. Cybercriminals use two PoS malware to steal over 167,000 credit cards.
While JavaScript sniffers (also known as web skimmers), which are covertly installed on e-commerce websites, account for a sizable share of attacks targeted at obtaining payment information, PoS malware remains a persistent concern even though it is less common. Cybercriminals use two PoS malware to steal over 167,000 credit cards.
The Issues
Kaspersky has described new strategies used by a Brazilian threat actor known as Prilex to steal money through dubious transactions.
According to researchers Nikolay Shelekhov and Said Khamchiev, “almost all POS malware variants have a comparable card dump extraction functionality, but distinct ways for sustaining persistence on infected systems, data exfiltration, and processing.”
Also read, Hackers from Brazil’s Prilex Group Resurface with Advanced Point-of-Sale Malware
Both Treasure Hunter and its more sophisticated successor MajikPOS are built to brute-force their way into a PoS terminal or, alternatively, to buy initial access from third parties known as initial access brokers. After extracting payment card information from the system’s memory, they then send it to a remote server. Cybercriminals use two PoS malware to steal over 167,000 credit cards.
It’s important to remember that MajikPOS first came to light in early 2017, primarily impacting companies in the United States and Canada. On the other hand, Treasure Hunter (also known as TREASUREHUNT) has been the subject of reports since 2014, and in 2018 its source code was exposed.
Between February and September 2022, MajikPOS and Treasure Hunter respectively compromised 77,428 and 90,024 unique payment data. According to Group-IB, which located the command-and-control (C2) servers connected to the two PoS viruses.
According to reports, banks in the United States, Puerto Rico, Peru, Panama, the United Kingdom, Canada, France, Poland, and Norway. And Costa Rica issued the majority of the stolen cards. Cybercriminals use two PoS malware to steal over 167,000 credit cards.
The Final words
It is uncertain who the criminals are behind the plan, and it is also unclear at this time whether they have already sold the stolen data to make money.
If the card-issuing banks do not enforce proper protection procedures, this might have serious repercussions. Making it possible for criminals to use counterfeit cards to withdraw money illegally and conduct unlawful transactions.
Also read, Card Skimmers Are Served Up By Magecart On Restaurant Ordering Systems
PoS malware’s restrictions and the security measures put in place by the card payment industry. According to the researchers, have made it less desirable for threat actors recently.
“But it nevertheless poses a serious risk to the payment industry as a whole. And to individual companies that have not yet adopted the most recent security measures. To dismiss PoS malware just yet would be premature.”
