PoS Malware Steals Credit Card Data via DNS Requests [source: bleepingcomputer]
by CIRT Team
Malware hunters from US security firm Forcepoint have stumbled across a new strain of Point of Sale (PoS) malware, only the second known PoS malware family that hides stolen credit/debit card information inside DNS requests.
The first PoS malware seen employing this technique was a lesser-known version of the NewPosThings PoS malware, named MULTIGRAIN, discovered in April 2016 by fellow US cyber-security firm FireEye.
But while MULTIGRAIN had been used in real-world attacks, Forcepoint says it did not find any evidence suggesting that this new strain, named UDPoS, has claimed any victims as of yet.
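Card data exfiltrated over DNS has to be encoded into query labels, which makes the queries look nothing like ordinary hostnames. The following added example (not from the article or from Forcepoint) shows the kind of detection a defender can run over resolver logs: it joins the labels left of the registered domain and flags long, high-entropy payloads. The log lines, domain names and the two-label registered-domain assumption are all constructed for the example.

```python
import math
from collections import Counter

# Constructed sample resolver log (client IP, hostname, queried name).
# The encoded payloads are made-up placeholders, not real card data.
SAMPLE_LOG = """\
10.0.5.21 pos-reg01 www.example.com
10.0.5.21 pos-reg01 c7a14e9b2f03d865.1d5f7e8a3b92c460.c2-example.test
10.0.5.21 pos-reg01 Q2JXA7MTF4CZLGB5KNW3PHRS6YVDOUEI.c2-example.test
10.0.5.22 pos-reg02 time.windows.com
10.0.5.22 pos-reg02 a1b2c3.cdn.static-example.net
"""

def shannon_entropy(s):
    """Bits per character; random-looking hex is ~4.0, base32 up to 5.0."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def subdomain_payload(qname, registered_labels=2):
    """Join every label left of the registered domain (assumed here to be
    the last two labels; a public-suffix list would be more accurate).
    Long payloads get split across several 63-byte labels, so joining
    them reassembles the encoded data before measuring it."""
    labels = qname.rstrip(".").split(".")
    return "".join(labels[:-registered_labels])

def is_suspicious(qname, min_len=24, min_entropy=3.5):
    """Flag names whose subdomain part is long and high-entropy: normal
    hostnames are short and repetitive, encoded data is neither."""
    payload = subdomain_payload(qname)
    if len(payload) < min_len:
        return False
    return shannon_entropy(payload) >= min_entropy

def scan_log(text):
    """Return (hostname, qname) for every suspicious query in the log."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _src, host, qname = parts
        if is_suspicious(qname):
            hits.append((host, qname))
    return hits

if __name__ == "__main__":
    for host, qname in scan_log(SAMPLE_LOG):
        print(f"{host}: {qname}")
```

Thresholds need tuning per environment, since CDN and cloud hostnames can also carry long labels; a second signal worth adding is query volume per client toward one domain.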
UDPoS less sophisticated than similar PoS malware strains
According to Forcepoint’s Robert Neumann and Luke Somerville, UDPoS appears to be less sophisticated than recent strains of PoS malware, suggesting the individual/group behind it might just be taking the first steps in the realm of PoS systems.
These observations are important because most recently-detected strains of PoS malware are highly complex pieces of code, usually working in the computer’s memory to avoid the detection of on-disk resources by security software.
The faulty or unsophisticated code, along with the reliance on on-disk artifacts, suggests the threat actor behind UDPoS is largely unsophisticated, or inexperienced when it comes to interacting with PoS systems.