While all eyes have been on the data breach that rocked Target Corp. and most recently prompted a reorganization of its information security and compliance division, retailers continue to face threats from variants of Dexter and Project Hook point-of-sale (POS) malware, according to the latest Threat Intelligence Brief 2014-3 from researchers on Arbor Networks' security engineering and response team (ASERT).
Arbor tracked Dexter Revelation, which it first flagged in December, as it compromised terminals and used fake .zip and .txt files to exfiltrate stolen information. In its latest report, ASERT has observed threat actors going by the usernames "RomeO" and "romeO" and believes they are involved with Dexter.
Experts have traced the origins of Revelation back to April 2013; more recent research has shown that the malware uses memory scraping to “scour system memory looking for plaintext data that matches a credit or debit card format.” A keylogger function captures “keyboard activity and other system information.”
In the first two months of this year, researchers also found a URL that had been set up and was hosting back-end panels for Project Hook and the POS malware known as Alina.
A list of IP addresses and hostnames associated with Dexter can be found in the Arbor Networks report.