Cyber-security experts warn of sophisticated malware targeting store tills
26 Nov 2015
Cyber-thieves are reported to be readying malware and spam campaigns to unleash on shoppers during the run-up to Christmas.
According to security company iSight, one gang had updated the sophisticated malware it used to target tills in stores.
An increase in spam and phishing emails was also seen as part of a strategy to target bargain-seeking shoppers.
Further, a number of crime groups had made fake copies of popular shopping apps aimed at stealing payment-card data.
The warnings had been sounded just ahead of Black Friday and Cyber Monday, which bracket the weekend following the US Thanksgiving holiday, when special deals are offered at online and offline stores.
According to iSight senior director Stephen Ward, the 50 biggest retail brands in the US were now hunting through their internal corporate networks to check for infection by the "highly sophisticated" Modpos malware.
Ward said the modular malware could be present on point-of-sale equipment, and sought to steal payment-card data during the brief period the information was being exchanged unencrypted in the memory of computerised tills.
"It's a Swiss-army knife of sorts that can be used for any type of nefarious activity," he said, the Los Angeles Times reported.
The cyber-security firm declined to name specific victims of the threat, but said its investigation uncovered infections at "national retailers."
The revelation comes as the retail industry is taking steps to recover from the breaches uncovered since Target suffered hits during the 2013 holiday season.
"It's the most sophisticated point-of-sale malware we've seen to date," said Maria Noboa, an iSight senior threat analyst. Instead of being just one piece of software, it's a complex framework of multiple modules and plug-ins. Those parts combine to collect a lot of detailed information about a company, including payment information and personal log-in credentials of executives, she said, the BBC reported.
According to Noboa, the malware had been on iSight's radar for two years, but progress had been difficult because of the great lengths to which it went to hide itself, relying on techniques such as encryption, a common digital security tool that scrambles data, to slip past investigators, she said.