Researchers with Trend Micro have identified two new pieces of point-of-sale (POS) malware that are affecting small and medium-sized businesses (SMBs), predominantly in the U.S.
One of the threats, referred to as Katrina, has been observed in advertisements on underground forums dating as far back as June 2015, a Monday post said.
The other threat, CenterPoS, initially resembled POS malware known as GamaPoS because both are written in the Microsoft .NET Framework and neither uses the Luhn algorithm, a method for verifying that acquired numbers are actually payment card numbers.
Both threats, however, were determined to be minor variants of a popular POS malware known as Alina.
Christopher Budd, global threat communications manager at Trend Micro, told SCMagazine.com in a Monday email correspondence that “both of these are rather derivative and derive from Alina without major innovations.”
Trend Micro observed the first infection on Aug. 25 and so far the security firm has identified 87 SMBs that have been compromised, the post indicated, noting that 77 percent of victims are from the U.S., five percent are from Taiwan, three percent are in Brazil and another three percent are in Australia.
“Most of the victims were compromised first with the Katrina PoS malware, but sometime between September 10 [and] 15, the attacker [began] shifting the installed malware from Katrina to [another POS threat known as] NewPoSThings, or from CenterPoS to Katrina,” the post said.
To stay ahead of the threat posed by these types of POS malware, Trend Micro recommended segregating POS terminals from the rest of the network and using correct access controls, as well as using application whitelisting technology.