The most complex ever point-of-sale malware capable of stealing credit card details through infected payment terminals has been discovered by American cyber-security researchers.
Dubbed ModPOS (Modular Point Of Sale), the malware was discovered by Dallas-based iSIGHT Partners. It has been quietly stealing sensitive information since 2013 due to unique features that make it extremely difficult to detect.
The firm said it can be configured to target specific systems with components such as uploader/downloader, keylogger, POS RAM scraper and custom plugins for credential theft and other specialised functions like network reconnaissance.
“We believe other capabilities could also be leveraged,” iSIGHT Partners said in a blog post. “The modules are packed kernel drivers that use multiple methods of obfuscation and encryption to evade even the most sophisticated security controls.”
Describing the complexity of ModPOS, iSIGHT Partners revealed it took its team of experts three weeks to reverse-engineer the virus. For comparison, it takes around half an hour to crack a regular piece of POS malware.
The cyber-security experts said the malware, likely developed in Eastern Europe, has been targeting US retailers since 2013. The affected companies have not been named.
The firm did not disclose how the malware infiltrates the payment systems.
“No one should be surprised by increasingly sophisticated point-of-sale malware,” Tim Erlin, from IT firm Tripwire commented. “There is clearly a profitable stream of revenue for criminals from these devices and avoiding detection by off-the-shelf tools is key to ensuring an ongoing supply of card data.”
Tripwire said it believed the American cases won't be isolated as the malware "appears to represent substantial coding investment on the part of the attackers".
Although chip-and-pin terminals are believed to be less likely to be affected by this malware, iSIGHT Partners said the malware may be able to find gaps even in these systems in case they are not completely secured throughout.