Trend Micro researchers describe MajikPOS as malware that is similar in purpose to other recent POS data-stealing tools, such as FastPOS and ModPOS, but different from them in the manner in which it is deployed. Many MajikPOS infections have involved the use of a remote access Trojan (RAT) that appears to have been installed on the systems sometime between August and November last year. The RATs are designed to determine whether the systems on which they have been installed are worthy of further exploitation. If the endpoint appears promising, the operators of MajikPOS then use a combination of methods, including VNC, Remote Desktop Connection, and command-line FTP, to install the POS malware. Another interesting aspect of MajikPOS is that it is coded in .NET, which is a somewhat rare choice of programming framework for malware authors. Once installed on a system, MajikPOS inventories it thoroughly for payment card numbers, including looking for them in memory, and then exfiltrates the data to its command-and-control server.