Home computers and point-of-sale (POS) devices are both being targeted by a recently identified piece of malware that has already compromised thousands of payment cards – the majority of which were issued in the United States.
On May 23, Arbor Networks researchers discovered Soraya, a piece of malware that combines the memory-scraping techniques found in Dexter, a piece of POS malware, with the form-grabbing abilities seen in Zeus, a trojan that affects PCs running Windows.
Using multiple techniques in the same malware is fairly uncommon, Matt Bing and Dave Loftus, a pair of security research analysts with Arbor Networks who wrote about the threat in a Monday post, told SCMagazine.com in a Tuesday correspondence.
“Memory scraping is typically only found in malware directly targeting [POS] systems, and form grabbing is typically [used] to steal data being sent to websites, including payment card information and passwords,” Bing said.
The Soraya malware, which Bing and Loftus said likely dates back to March 2014, has already compromised thousands of payment cards.
The researchers were able to access payment card track data from a command-and-control server – the attacker made it temporarily available from a public location – and determined that more than 65 percent of cards were issued in the United States, notably in Idaho.
More than 21 percent of cards were issued in Costa Rica and more than 11 percent of cards were issued in Canada, according to the post, which adds that nearly 64 percent of compromised cards were debit cards and nearly 35 percent were credit cards.
The author of Soraya remains a mystery and there has been no solid evidence to show how the malware is being distributed, the researchers said, adding that they also have been unable to determine specific businesses or other victims that have been compromised.