Payment Terminals

The new virus is similar to the previously known malware Dexter, but surpasses its predecessor in terms of functionality.

McAfee found a post on one of the underground Russian forums offering for sale a Trojan that steals credit card data from POS terminals.

The malicious program is called vSkimmer. It can work with the bank card readers connected to POS terminals, reading the cards along with additional data. The virus infects the Windows operating system running on the devices to which the reader is connected. All data stolen by vSkimmer is sent to a remote server.

Presumably, the new virus is similar to the previously known malware Dexter, but surpasses its predecessor in terms of functionality.

McAfee noted that the vSkimmer botnet is "particularly interesting because it targets POS terminals running Windows".

vSkimmer's malicious activity was first detected on January 18 this year. However, the functionality of the virus has only now been analyzed. The experts found that the malware collects the following information from the infected machine and sends it to the remote server: OS version, GUID, the default language, and data about active users and hosts. The stolen data is sent to the remote server over HTTP in encrypted form.

Among other things, the malware is also capable of stealing the Track 2 data stored on the magnetic stripe of the victim's credit card (all the information on the card, including the number).

vSkimmer uses a standard installer: it copies itself under the guise of svchost.exe into the %APPDATA% folder and modifies a registry key in order to add itself to the list of trusted applications. To start the malicious process, the virus calls ShellExecute.

Another feature of vSkimmer is that it can be used without an internet connection. vSkimmer can drop the stolen data onto a USB device, with that USB drive named KARTOXA007.
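The two host indicators described above (an svchost.exe running from the user's application-data folder and a USB volume named KARTOXA007) can be checked against endpoint telemetry. The following is an added example, not code from McAfee or from this article; the event record layout, host names and sample paths are constructed, and Windows is assumed to be installed at C:\Windows.

```python
from pathlib import PureWindowsPath

# Folders that hold the genuine svchost.exe (assumption: default C:\Windows install).
LEGIT_DIRS = {PureWindowsPath(r"C:\Windows\System32"),
              PureWindowsPath(r"C:\Windows\SysWOW64")}
# %APPDATA% resolves under "AppData" on Vista and later, "Application Data" on XP.
APPDATA_PARTS = {"appdata", "application data"}
USB_LABEL = "KARTOXA007"  # volume label named in the article


def check_process(image_path):
    """Return a finding for a process image path, or None if it looks normal."""
    p = PureWindowsPath(image_path)  # Windows path semantics: case-insensitive
    if p.name.lower() != "svchost.exe" or p.parent in LEGIT_DIRS:
        return None
    if APPDATA_PARTS & {part.lower() for part in p.parts}:
        return "svchost.exe running from the user application-data folder"
    return "svchost.exe running outside the Windows system folders"


def check_volume(label):
    """Return a finding if a mounted volume carries the label from the article."""
    if label.strip().upper() == USB_LABEL:
        return "removable volume labelled " + USB_LABEL
    return None


def triage(events):
    """Run both checks over event records and return (host, finding) pairs."""
    checks = {"process": check_process, "volume": check_volume}
    findings = []
    for ev in events:
        check = checks.get(ev["kind"])
        hit = check(ev["value"]) if check else None
        if hit:
            findings.append((ev["host"], hit))
    return findings


# Constructed sample telemetry (hypothetical hosts and paths).
SAMPLE_EVENTS = [
    {"host": "POS-01", "kind": "process", "value": r"c:\windows\system32\SVCHOST.EXE"},
    {"host": "POS-02", "kind": "process", "value": r"C:\Users\cashier\AppData\Roaming\svchost.exe"},
    {"host": "POS-02", "kind": "volume", "value": "kartoxa007"},
    {"host": "POS-03", "kind": "process", "value": r"D:\Tools\svchost.exe"},
    {"host": "POS-03", "kind": "volume", "value": "BACKUP"},
]

if __name__ == "__main__":
    for host, finding in triage(SAMPLE_EVENTS):
        print(host, "-", finding)
```

A match on the file name alone is not enough, which is why the check compares the full image path against the folders where the genuine svchost.exe lives.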

The full McAfee report is available here.
