At least 4,500 payment cards compromised by JackPOS malware in U.S. and Canada

At least 4,500 payment cards have been compromised in the United States and Canada by the malware.

At least 4,500 payment cards have been compromised in the United States and Canada by a new point-of-sale (POS) malware, JackPOS, that is based on Alina, according to researchers with cyber intelligence company IntelCrawler.

Andrew Komarov, CEO of IntelCrawler, briefed SCMagazine.com on JackPOS on Friday; on Monday, IntelCrawler published a POS malware infection map showing that 4,533 payment cards have already been compromised by 11 infections in locations including Idaho, California, Utah, Missouri, South Carolina, Pennsylvania, Vancouver and Quebec.

“Our team has successfully received access to [the command-and-control server] today and extracted cards from it,” Komarov told SCMagazine.com in a Monday email. According to a Monday release, some of the victims were impacted more than 17 days ago.

Looking at numbers across the globe, roughly 3,000 payment cards have been compromised by 12 infections in São Paulo, Brazil. Additionally, 412 payment cards were compromised by two infections in Karnataka, India, and 230 payment cards were compromised by six infections in Madrid, Spain.

“The bad actors use quite similar principles of credit card dump gathering and memory parsing methods, but have started to add additional techniques to mask it using drive-by download attacks,” Komarov wrote, explaining that the attackers replaced the official Java update scheduler file with malicious code disguised as Java(TM) Platform SE Binary.
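The "memory parsing" Komarov refers to is the RAM-scraping step shared by Alina-style POS malware: the process memory of the payment application is swept for magnetic-stripe track data. The same search is what an incident responder runs over a memory dump of a suspected POS host to confirm what was exposed. The script below is an added example, not code from IntelCrawler or from the malware; it assumes the standard Track 2 layout (PAN, '=' separator, YYMM expiry, 3-digit service code, discretionary data, with optional ';' and '?' sentinels) and scans a constructed byte buffer that stands in for a dumped process region. The Luhn check is essential in practice: memory is full of digit runs around '=' signs that are not card numbers.

```python
import re
from typing import Dict, List

# Track 2 layout as a magstripe reader emits it (ISO/IEC 7813):
#   ;<PAN 13-19 digits>=<YY><MM><3-digit service code><discretionary data>?
# The sentinels are optional here because copies of the track that a POS
# application has already parsed into memory frequently lack them.
TRACK2_RE = re.compile(rb";?(\d{13,19})=(\d{2})(\d{2})(\d{3})(\d{0,30})\??")


def luhn_ok(pan: str) -> bool:
    """Luhn (mod 10) check. Filters the many digit runs in memory that are not PANs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep BIN (first 6) and last 4 so the report itself is not cardholder data."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track2(buf: bytes) -> List[Dict[str, object]]:
    """Return one record per Luhn-valid Track 2 candidate found in buf."""
    hits: List[Dict[str, object]] = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode("ascii")
        yy, mm, service = (g.decode("ascii") for g in m.group(2, 3, 4))
        # Drop false positives: bad checksum or impossible expiry month.
        if not luhn_ok(pan) or not 1 <= int(mm) <= 12:
            continue
        hits.append({
            "offset": m.start(),
            "pan_masked": mask_pan(pan),
            "expiry": f"{mm}/{yy}",
            "service_code": service,
            "has_sentinels": m.group(0).startswith(b";") and m.group(0).endswith(b"?"),
        })
    return hits


# Constructed sample standing in for a dumped POS process region. The PANs are
# the public test numbers 4111111111111111 and 5555555555554444; the third
# digit run deliberately fails Luhn to show the filter at work.
SAMPLE_MEMORY = (
    b"\x00\x00app state\x00"
    b";4111111111111111=25121011234567890?"   # full track 2 with sentinels
    b"\x00order 4111111111111112=2512101?"    # Luhn fails: must be skipped
    b"\x00tmp 5555555555554444=2301201"       # no sentinels, still recovered
    b"\x00\x00"
)

if __name__ == "__main__":
    for hit in find_track2(SAMPLE_MEMORY):
        print(hit)
```

Running it reports two cards (offsets, masked PANs, expiry and service code) and silently drops the Luhn-invalid run. Point `find_track2` at the bytes of a process dump (for example a `.dmp` read with `open(path, "rb").read()`) to get the same triage output from a real host; keep the masking in place so the forensic report does not itself become a PCI-scoped artifact.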

According to the release, the loaders in the drive-by attacks were written in obfuscated AutoIt script, which malware authors increasingly rely on to run their payloads while evading anti-virus detection.

“The bad actors have used some sophisticated scanning, loading, and propagating techniques to attack these vectors to look to get into the merchants' systems through external perimeters and then move to card processing areas, which were possibly not separated in compliance with PCI policies,” according to the release.
