Dexter malware infects point-of-sale systems worldwide

Researchers from Israel-based IT security firm Seculert have uncovered a custom-made piece of malware that infected hundreds of point-of-sale (PoS) systems from businesses in 40 countries in the past few months and stole the data of tens of thousands of payment cards.

The malware, dubbed Dexter after a text string found in some of its components, infected Windows-based PoS systems belonging to big-name retailers, hotels, restaurants and even private parking providers.

It was determined that the malware uploaded the stolen payment card data to a server hosted in the Republic of Seychelles.

Since this is an ongoing attack, it’s hard to determine exactly how many PoS systems have been compromised so far, but it’s probably between 200 and 300, Raff said. The total number of compromised payment cards is equally hard to estimate, but tens of thousands seem to have been compromised just in the past few weeks.

The origin of the attackers is unclear, but strings found in the malware suggest that the developers are fluent English speakers.

The method used to infect these systems has not been determined yet, but given that many of them run Windows Server and are most likely not used for Web browsing, it is believed that the attackers probably compromised other computers on the same networks first and then infected the PoS systems.

When researchers found the Dexter sample, some antivirus programs already detected it as malicious. Their vendors have since shared it with other vendors in the security industry.

If the targeted companies had encrypted the data directly on the hardware PoS terminals before sending it out to their payment processing providers, a method commonly known as end-to-end encryption, attacks like the ones based on the Dexter malware could have been prevented.


About SCB Enterprises
System Solutions and Integration
