Recently, we have seen increasingly sophisticated criminal syndicates targeting retailers. These groups have successfully compromised networks, exploited point-of-sale systems and exfiltrated massive amounts of credit card data from well-known retailers, including Target and more recently Home Depot, amongst many others.
One of the key weapons in these criminal groups’ arsenal is customized malware specifically designed to target point-of-sale systems, such as BlackPOS and Backoff. The malware takes advantage of weaknesses in payment systems to steal credit card data where the information is not yet encrypted.
In this video demo, we will walk through how malware grabs credit card data using various methods, as well as provide a demo of how RAM scraping works.