At least 4,500 payment cards compromised by JackPOS malware in U.S. and Canada


At least 4,500 payment cards have been compromised in the United States and Canada by a new point-of-sale (POS) malware, JackPOS, that is based on Alina, according to researchers with cyber intelligence company IntelCrawler.

Andrew Komarov, CEO at IntelCrawler, told SCMagazine.com a bit about JackPOS on Friday, but on Monday, IntelCrawler launched a POS malware infection map that shows 4,533 payment cards have already been compromised by 11 infections in locations including Idaho, California, Utah, Missouri, South Carolina, Pennsylvania, Vancouver and Quebec.

“Our team has successfully received an access to [the command-and-control server] today and extracted cards from it,” Komarov told SCMagazine.com in a Monday email. According to a Monday release, some of the victims were impacted more than 17 days ago.

Looking at numbers across the globe, roughly 3,000 payment cards have been compromised by 12 infections in São Paulo, Brazil. Additionally, 412 payment cards were compromised by two infections in Karnataka, India, and 230 payment cards were compromised by six infections in Madrid, Spain.

“The bad actors use quite similar principles of credit cards dumps gathering and memory parsing methods, but started to add additional techniques to mask it using drive-by download attacks,” Komarov wrote, explaining attackers replaced the official Java update scheduler file with malicious code disguised as Java(TM) Platform SE Binary.

According to the release, the loaders in the drive-by attacks were written in obfuscated AutoIt script, which malware authors have become increasingly reliant on to execute attacks while avoiding anti-virus detection.

“The bad actors have used some sophisticated scanning, loading, and propagating techniques to attack these vectors to look to get into the merchants system thru external perimeters and then move to card processing areas, which were possibly not separated in compliance with PCI policies,” according to the release.
