VSkimmer Trojan Steals Card Data on Point-of-Sale Systems


March 22, 2013

Researchers have discovered a new trojan capable of stealing credit card data from point-of-sale (POS) systems, and it appears to be an updated version of Dexter, similar malware targeting card-swiping devices.

On Thursday, Chintan Shah, a security researcher for McAfee Labs, blogged about VSkimmer, which is capable of grabbing data – account numbers, expiration dates and service code numbers – stored on the magnetic strip of credit cards.

In the post, Shah also said the trojan targets Windows machines.

“The malware, vSkimmer, can detect the card readers, grab all the information from the Windows machines attached to these readers, and send that data to a control server,” Shah said.

McAfee researchers noticed participants on an online Russian forum discussing a potential sale, and began to analyze the trojan.

“The author of the thread also discusses other capabilities of this malware, which appears to be a successor of Dexter, but with additional functions,” Shah said.

Dexter was originally detected in December 2012 by researchers at Seculert, an Israel-based security firm. It too targeted PC POS terminals, devices swiped during purchases.

According to Shah, the fact that VSkimmer was targeting terminals running Windows showed how “financial fraud is actively evolving and how trojans are developed and passed around in the underground community,” he wrote.

In a Friday interview with SCMagazine.com, Adam Wosotowsky, messaging data architect at McAfee Labs, said that attackers likely started infecting machines with VSkimmer via USB devices.

“A USB [infection vector] would require an inside job or confidence scam – talking people into allowing you to [access] these machines,” Wosotowsky said.

McAfee has yet to confirm the number of infections. Its oldest sample of the malware dates back to February 13. Wosotowsky said, however, that efforts to leverage the trojan have been very “targeted,” so VSkimmer cases are likely not widespread.

“This is specialized malware, and it’s a trend we are seeing more of – [attackers] going directly after point-of-sale systems,” he said. “There’s a lot of activity moving in this direction.”

4 Responses to VSkimmer Trojan Steals Card Data on Point-of-Sale Systems

  1. QUORiON says:

    These attacks seem to take place at an increasingly alarming rate. Another example why an embedded POS system with a propriatary OS may represent a better alternative than PC based point of sale systems.

  2. Hammatt says:

    Truly enjoy examining on this web site , it has great content .

  3. Michael Kors says:

    Hello I like your blog. We enrolled in notifications.

  4. T.O. says:

    I wanna thank you for publicing this great information. Keep up the good work. I’ll subscribe to your site also. Thanks!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 883 other followers

%d bloggers like this: