Friday, January 17 17:15:42
The cyber security firm IntelCrawler said today it has uncovered six ongoing attacks at merchants across the US whose credit card processing systems are infected with the same type of malicious software used to steal data from 40m cards at Target.
IntelCrawler identified a PoS RAM (random access memory) scraping program dubbed Decebal that they believe was released on Jan. 3. The release shows that cybercriminals are increasingly interested in launching this type of attack.
The malware is written in VBScript (Visual Basic Scripting) in less than 400 lines of code. Despite looking fairly unsophisticated it can grab track 2 data -- data encrypted on the magnetic stripe of credit or debit cards -- from PoS memory and even contains routines to evade malware analysis tools, like antivirus sandboxes and virtual machines.