Russian security firm Group-IB has analyzed the malware

Mar 27, 2013 11:59 GMT

Researchers from Russian security firm Group-IB have identified a piece of malware that’s designed to steal payment card information from the ATMs and the point-of-sale (POS) systems it infects.

Dubbed “Dump Memory Grabber,” the malicious element has already swiped the details of cards issued by major US banks such as Citibank, Capital One and JP Morgan Chase, SecurityWeek reports.

Group-IB has told SecurityWeek that the malware can steal Track 1 and Track 2 information – account number, cardholder name and expiration date – which is essentially all the data needed to clone a card.

Written in C++, “Dump Memory Grabber” searches the infected device for sensitive information. Once the information is found, it’s added to a text file which is sent back to a remote server, operated by Russia-based Selectel, via FTP.

In fact, experts believe that the author of the malware is a Russian who uses “Wagner Richard” as an alias on social networking websites.

“Wagner Richard” is said to be the administrator of a large cybercriminal group comprised of members from Ukraine, Armenia and Russia, some of whom are believed to be part of Anonymous Russia.

Besides operating credit card-stealing malware, the cybercriminals also launch distributed denial-of-service (DDoS) attacks for anyone who’s willing to pay $2 (1.5 EUR) per hour.

It’s important to note that, according to Group-IB, in most cases the malware has been planted on ATMs and POS systems by insiders responsible for operating the targeted devices. In other cases, the malware is pushed via security holes.

POS-targeting malware appears to be increasingly prevalent. Just last week, experts from McAfee described the inner workings of a malicious program dubbed vSkimmer that’s capable of stealing information from POS systems.