At least 4,500 payment cards compromised by JackPOS malware in U.S. and Canada

At least 4,500 payment cards have been compromised in the United States and Canada by the malware.

At least 4,500 payment cards have been compromised in the United States and Canada by a new point-of-sale (POS) malware, JackPOS, that is based on Alina, according to researchers with cyber intelligence company IntelCrawler.

Andrew Komarov, CEO at IntelCrawler, told SCMagazine.com a bit about JackPOS on Friday, but on Monday, IntelCrawler launched a POS malware infection map that shows 4,533 payment cards have already been compromised by 11 infections in locations including Idaho, California, Utah, Missouri, South Carolina, Pennsylvania, Vancouver and Quebec.

“Our team has successfully received access to [the command-and-control server] today and extracted cards from it,” Komarov told SCMagazine.com in a Monday email. According to a Monday release, some of the victims were impacted more than 17 days ago.

Looking at numbers across the globe, roughly 3,000 payment cards have been compromised by 12 infections in São Paulo, Brazil. Additionally, 412 payment cards were compromised by two infections in Karnataka, India, and 230 payment cards were compromised by six infections in Madrid, Spain.

“The bad actors use quite similar principles of credit cards dumps gathering and memory parsing methods, but started to add additional techniques to mask it using drive-by download attacks,” Komarov wrote, explaining attackers replaced the official Java update scheduler file with malicious code disguised as Java(TM) Platform SE Binary.

According to the release, the loaders in the drive-by attacks were written in obfuscated AutoIt script, which malware authors have become increasingly reliant on to execute attacks while avoiding anti-virus detection.

“The bad actors have used some sophisticated scanning, loading, and propagating techniques to attack these vectors to look to get into the merchants system through external perimeters and then move to card processing areas, which were possibly not separated in compliance with PCI policies,” according to the release.
