Application security, Malware

AbaddonPOS malware preys on retail POS software

While ransomware is garnering the majority of headlines these days, point-of-sale (POS) malware is still a clear and present danger, according to researchers at Proofpoint.

In fact, the researchers report, cybercriminals are intensifying their efforts to exploit the rollout in the U.S. of chip-and-PIN cards by deploying malware as a vital tool for stolen credit card data and ill-gotten gain.

A new assault the firm has been tracking attempts to install TinyLoader and AbaddonPOS point-of-sale malware, which is delivered via an email campaign specifically geared to retail operations and which is highly personalized (the recipient's name appears in the message). Plus, the message contains a seductive lure, an image of a spinner one expects to see when content is loading. A message asks the recipient to enable content by clicking on it. Once a user clicks, the malicious macro is delivered.

At that point, various C&C servers are contacted which deliver a new, more evolved variant of AbaddonPOS, capable of testing various blacklist/whitelist implementations and changing methods in the way pilfered credit card data is siphoned.

The malware, the researchers say, is still under active development and they expect further email campaigns targeting POS systems to steal credit card data – despite improvements in PCI DSS compliance requirements. 

"Comprehensive email, network and endpoint protection – along with user education – remain the best ways to protect systems and customer data," the Proofpoint researchers conclude.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.