Is Dexter related to the cyber-malware that has hit US retailers such as Target, Neiman Marcus and Michaels Stores?
Cyber security researchers have detected a virus in online banking transactions and are warning customers who swipe debit or credit cards at shopping counters, as well as companies who stock them, according to TechRadar Pro.
The virus, which is spreading at a “severe” rate according to CERT, has been detected operating in point of sale (PoS) counters at retail terminals in Asia, infecting their connection to online banking sources. Named “Dexter”, it can acquire several aliases when infecting systems.
Malware programs designed for PoS systems are commonly referred to as RAM scrapers, because they search the terminal’s random access memory (RAM) for transaction data and steal it. PoS systems are actually computers with peripherals like card readers and keypads attached to them. Many of these systems run a version of Windows Embedded as the OS as well as special cash register software.
Once the virus breaches the security of the target, it then begins to mine confidential data, including names, account numbers, sort codes and expiration dates. With the information from a card’s magnetic stripe, known as track 1 and track 2 data, criminals can effectively clone the card.
CERT, in an advisory, said that the malware campaigns targeting payment card processing, point-of-sale and check-out systems are on the rise, due to the ease of copying data. Many security firms have stressed in recent months that companies should shore up the security systems of the PoS terminals to avoid any form of compromise.
Last week it was revealed that U.S. retail giant Target had been infected with a PoS virus that had stolen the names and addresses of 70 million customers.
'Dexter' trojan affecting PoS terminals in India, steals card information
Cyber-security sleuths have detected a "black" private information stealing trojan in the Indian online banking transactions space, and have alerted consumers who swipe debit or credit cards at shopping counters to make payments.
The "severely" spreading trojan has been detected conducting its clandestine operations at the Point of Sale (PoS) counters placed at retail terminals after the RBI made it mandatory in December last year for debit card holders to punch in their PIN every time they make a purchase.
The trojan named "Dexter, black PoS, memory dump and grabber" can acquire seven aliases when infecting a system and once it is successful in breaching the security protocols of a PoS terminal, it steals confidential data like card holder's name, account number, expiration date, CVV code and other discretionary information which could lead to financially compromising and phishing attacks on the card at a later stage.
"It has been reported that malware campaigns targeting payment card processing, point-of-sale (PoS), check out systems or equipment are on the rise.
"The common infection vectors for PoS system malware include phishing emails or social engineering techniques to deliver the malware, use of default or weak credentials, unauthorised access, open wireless networks along with the methods of installing malware as a part of service," the latest advisory issued to the public by the Computer Emergency Response Team (CERT-India) said.
The CERT-In is the nodal department to protect Indian cyberspace and software base infrastructure against any destructive and hacking activities.
The trojan is so potent and deadly that once it steals the sensitive data it quietly exits the infected machine without leaving much of a trail of its existence.
"The malware has routines to collect and parse personal sensitive information from the running processes in memory by enumerating the PoS related processes and has procedure to exfiltrate directly without interim storing in the hard disk," the advisory said.
To protect debit card holders from financial fraud and the loss of their hard-earned money, the RBI had made it mandatory for customers to punch in their PIN at the PoS, which is nothing but an individual's ATM PIN.
A senior official working in the counter-cyber attacks department said that while customers should be vigilant about their debit and credit card activity when swiping at sale counters, PoS terminals should also firm up their defence mechanisms so that their systems are not compromised.
The agency has suggested some counter-measures against these malware attacks.
"Keep all PoS computers thoroughly updated including PoS application software, restrict access on PoS systems to PoS related activities only, ensure the networks where the PoS systems reside are properly segmented from non-payment network and restrictive policies on usage should be deployed and enforced," the agency recommended.
The agency also pointed out that PoS counters should "maintain good security policy on the PoS computers (including physical access), disable autorun or autoplay, install and scan anti-malware engines and keep them up-to-date and exercise caution while visiting links within emails received from untrusted users or unexpectedly received from trusted users while also enabling firewall at desktop and gateway level."
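An added example (not part of the CERT-In advisory or the original article) of checking the segmentation recommendation above against network flow logs: because the malware is described as exfiltrating straight from memory without writing to disk, connections leaving the PoS segment are a practical place to look. The PoS subnet, the allowlisted endpoints, the log format and the sample lines are all constructed assumptions.

```python
import ipaddress

# Assumptions (constructed for this example, not from the advisory)
POS_SEGMENT = ipaddress.ip_network("10.20.30.0/24")   # PoS terminal VLAN
INTERNAL = ipaddress.ip_network("10.0.0.0/8")          # rest of the corporate network
ALLOWED = {                                            # only destinations PoS hosts need
    (ipaddress.ip_address("203.0.113.10"), 443),       # payment gateway (placeholder)
    (ipaddress.ip_address("10.20.0.5"), 8530),         # patch server (placeholder)
}

# Constructed flow log: timestamp src dst dport proto bytes_out
SAMPLE_FLOWS = """\
2014-01-20T10:00:01Z 10.20.30.11 203.0.113.10 443 tcp 2048
2014-01-20T10:00:05Z 10.20.30.11 198.51.100.77 80 tcp 51200
2014-01-20T10:01:00Z 10.20.40.9 198.51.100.77 80 tcp 900
2014-01-20T10:02:13Z 10.20.30.12 10.20.0.5 8530 tcp 700
2014-01-20T10:03:30Z 10.20.30.12 10.20.31.4 445 tcp 1200
malformed line
"""

def parse_flow(line):
    """Return a dict for a well-formed flow line, or None if it cannot be parsed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, dport, proto, nbytes = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "dport": int(dport),
                "proto": proto, "bytes_out": int(nbytes)}
    except ValueError:
        return None

def find_violations(log_text):
    """List (src, dst, dport, kind) for PoS-segment flows outside the allowlist."""
    violations = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["src"] not in POS_SEGMENT:
            continue  # unparseable, or not a PoS terminal
        if (flow["dst"], flow["dport"]) in ALLOWED:
            continue  # expected payment or patching traffic
        # Non-allowlisted traffic: inside the company = segmentation gap,
        # outside = possible exfiltration channel.
        kind = "lateral" if flow["dst"] in INTERNAL else "egress"
        violations.append((str(flow["src"]), str(flow["dst"]), flow["dport"], kind))
    return violations

if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print(v)
```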