It's programmed to look only for the more sensitive information

Nov 30, 2011 12:55 GMT

Smaller companies from the education and hospitality industries were found to be infected with a Trojan that targets credit card processing and point of sale (PoS) devices to steal highly valuable financial information.

Sophos reports that the Trojan installs itself as a Windows service called rdasrv, launched from a file that in most cases is named rdasrv.exe or something similar to A12345.exe.

By being PCI/DSS compliant, the malware is able to circumvent all the protections, and with the use of Perl regular expressions it scans the memory of the infected device in search of the two main data tracks, which store names, account numbers, expiration dates and CVV codes.

Once the information is obtained, the Trojan, identified as Troj/Trackr-Gen, stores the data on disk in a text file called data.txt or currentblock.txt.

For now, these attacks are not very common, but this is a clear indication that companies that don't have the necessary resources to protect their payment systems are becoming an easy target for hackers.
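The indicators named above (the rdasrv service, its executable names and the two dump files) can be turned into a host triage check. The following is an added example, not code from Sophos or from the article. It assumes a service list and file inventory have already been exported from the host. The function names, the one-letter-plus-five-digits reading of "similar to A12345.exe" and the same-directory heuristic are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

SERVICE_NAME = "rdasrv"                        # service name given in the article
# rdasrv.exe, or one letter + five digits as in "A12345.exe". The article only
# says "similar to", so the letter/digit shape is an assumption.
IMAGE_RE = re.compile(r"^(rdasrv|[a-z]\d{5})\.exe$", re.IGNORECASE)
DUMP_NAMES = {"data.txt", "currentblock.txt"}  # dump file names given in the article

def exe_path(image_path):
    """Pull the executable out of a service ImagePath (quotes and arguments dropped)."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', image_path)
    return PureWindowsPath(m.group(1) or m.group(2)) if m else PureWindowsPath("")

def triage_host(services, files):
    """services: (name, image_path) pairs; files: file paths seen on the host.
    Returns sorted (severity, detail) findings."""
    findings, suspect_dirs = [], set()
    for name, image in services:
        exe = exe_path(image)
        name_hit = name.lower() == SERVICE_NAME
        if name_hit or IMAGE_RE.match(exe.name):
            # The service name is the stronger signal; the file-name shape
            # alone can match unrelated software.
            findings.append(("high" if name_hit else "medium", f"service {name} -> {exe}"))
            suspect_dirs.add(str(exe.parent).lower())
    for f in files:
        p = PureWindowsPath(f)
        if p.name.lower() not in DUMP_NAMES:
            continue
        # data.txt is a common name: rate it high only next to a flagged binary
        # (co-location is a heuristic of this example, not stated in the article).
        if str(p.parent).lower() in suspect_dirs:
            sev = "high"
        else:
            sev = "medium" if p.name.lower() == "currentblock.txt" else "low"
        findings.append((sev, f"dump file {p}"))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real incident.
    services = [("Spooler", r"C:\Windows\System32\spoolsv.exe"),
                ("rdasrv", r'"C:\Windows\Temp\rdasrv.exe" -service')]
    files = [r"C:\Windows\Temp\data.txt", r"C:\Users\pos\Documents\data.txt"]
    for severity, detail in triage_host(services, files):
        print(severity, detail)
```

A low-severity data.txt hit on its own is expected noise; it becomes worth investigating when it appears alongside a service finding on the same host.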