At least 4,500 payment cards compromised by JackPOS malware in U.S. and Canada

At least 4,500 payment cards have been compromised in the United States and Canada by the malware.

At least 4,500 payment cards have been compromised in the United States and Canada by a new point-of-sale (POS) malware, JackPOS, that is based on Alina, according to researchers with cyber intelligence company IntelCrawler.

Andrew Komarov, CEO of IntelCrawler, shared some details about JackPOS on Friday, but on Monday IntelCrawler launched a POS malware infection map showing that 4,533 payment cards have already been compromised by 11 infections in locations including Idaho, California, Utah, Missouri, South Carolina, Pennsylvania, Vancouver and Quebec.

“Our team has successfully received access to [the command-and-control server] today and extracted cards from it,” Komarov said in a Monday email. According to a Monday release, some of the victims were impacted more than 17 days ago.

Looking at numbers across the globe, roughly 3,000 payment cards have been compromised by 12 infections in São Paulo, Brazil. Additionally, 412 payment cards were compromised by two infections in Karnataka, India, and 230 payment cards were compromised by six infections in Madrid, Spain.

“The bad actors use quite similar principles of credit card dump gathering and memory parsing methods, but started to add additional techniques to mask it using drive-by download attacks,” Komarov wrote, explaining that attackers replaced the official Java update scheduler file with malicious code disguised as Java(TM) Platform SE Binary.
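The "memory parsing" Komarov refers to is the scraping of unencrypted magnetic-stripe track data from the address space of the card-processing software. The same pattern matching is what an incident responder runs over a memory image or a suspect process dump to confirm that card data was present in cleartext and to scope how many cards were exposed. The following is an added example written for this article, not IntelCrawler's code or any tool mentioned here: it searches a byte buffer for ISO/IEC 7813 Track 2 records, discards candidates that fail the Luhn check or carry an impossible expiry month, and reports only masked PANs so the report itself does not become a new cardholder-data store. The sample buffer is constructed and uses the publicly documented test card numbers 4111111111111111 and 5555555555554444; the function and variable names are the example's own.

```python
import re
from typing import Dict, List

# Track 2 layout (ISO/IEC 7813):  ;PAN=YYMM<service code><discretionary data>?
# PAN is 13-19 digits; the '=' field separator is followed by a YYMM expiry.
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})(\d*)\?")

# Constructed sample: a fragment of a process dump containing two valid records,
# one record whose PAN fails Luhn (a fake ending in ...1112), and one with an
# impossible expiry month (13). Offsets and surrounding bytes are arbitrary.
SAMPLE_MEMORY = (
    b"\x00\x00POSAPP v1.2\x00"
    b";4111111111111111=25121010000000000?"      # valid, expires 12/25
    b"\x90\x90"
    b";4111111111111112=2512101000?"             # Luhn failure, ignored
    b";5555555555554444=2513101?"                # month 13, ignored
    b"cfg=\x01\x02"
    b";5555555555554444=2606201?"                # valid, expires 06/26
    b"\x00"
)


def luhn_valid(pan: str) -> bool:
    """Standard Luhn mod-10 check; random digit runs pass only ~10% of the time."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep BIN (first 6) and last 4, the most PCI DSS permits in a report."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_track2(buf: bytes) -> List[Dict[str, object]]:
    """Return masked findings for every plausible Track 2 record in buf."""
    hits: List[Dict[str, object]] = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        yy, mm = m.group(2).decode(), m.group(3).decode()
        if not luhn_valid(pan):
            continue            # not a real card number, skip the false positive
        if not 1 <= int(mm) <= 12:
            continue            # expiry field is not a month, skip
        hits.append({
            "offset": m.start(),
            "pan_masked": mask_pan(pan),
            "expiry": f"{mm}/{yy}",
        })
    return hits


if __name__ == "__main__":
    for hit in scan_for_track2(SAMPLE_MEMORY):
        print(f"offset 0x{hit['offset']:06x}  PAN {hit['pan_masked']}  exp {hit['expiry']}")
```

On a real engagement the buffer would come from a memory image or a per-process dump of the card-processing software; finding hits there tells you the application held cleartext track data in memory, which is exactly the window a scraper like JackPOS exploits, and argues for point-to-point encryption at the reader so that the window never opens.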

According to the release, the loaders in the drive-by attacks were written in obfuscated AutoIt script, which malware authors have become increasingly reliant on to execute attacks while avoiding anti-virus detection.

“The bad actors have used some sophisticated scanning, loading, and propagating techniques to attack these vectors to look to get into the merchants' systems through external perimeters and then move to card processing areas, which were possibly not separated in compliance with PCI policies,” according to the release.
