
Security researchers have discovered a criminal operation employing point-of-sale malware that has compromised as many as fifty thousand payment cards used at nearly four dozen small and medium-sized retailers, and say the breaches are not connected to the Target and Neiman Marcus incidents.

The data-scraping malware operation is thought to have been active from October 25th, 2013 through the last week of January, and logged track 1 and 2 data of payment cards used at the infected organizations.

The ChewBacca PoS malware is relatively new on the scene, with fairly simple keylogging and memory-scraping functionalities.

“ChewBacca features two distinct data-stealing mechanisms: a generic keylogger and a memory scanner designed to specifically target systems that process credit cards, such as Point-of-Sale (POS) systems,” Yotam Gottesman stated.

“The memory scanner dumps a copy of a process’s memory and searches it using simple regular expressions for card magnetic stripe data. If a card number is found, it is extracted and logged by the server.”

The researchers went on to explain that the malware’s communications went through the Tor network in order to obfuscate the IP address of the Command and Control (C&C) servers and to encrypt traffic, avoiding network-level detection.

“The ChewBacca Trojan appears to be a simple piece of malware that, despite its lack of sophistication and defense mechanisms, succeeded in stealing payment card information from several dozen retailers around the world in a little more than two months,” Gottesman said.

“Retailers have a few choices against these attackers. They can increase staffing levels and develop leading-edge capabilities to detect and stop attackers (comprehensive monitoring and incident response), or they can encrypt or tokenize data at the point of capture and ensure that it is not in plaintext view on their networks, thereby shifting the risk and burden of protection to the card issuers and their payment processors.”
