Researchers have unveiled a new family of malware, dubbed “FastPOS,” that is capable of instantly exfiltrating stolen credit card information.
Unlike other POS threats, which collect data and upload it periodically in an effort to stay hidden, FastPOS focuses on transferring harvested data to its command and control (C&C) server as soon as possible.
According to security experts at Trend Micro, the malware leverages a keylogger and a memory scraper for information theft purposes.
“FastPOS captures keystrokes and sends back the entire string to the C&C server once the return key is pressed,” read a detailed report by Trend Micro.
Meanwhile, the RAM scraper relies on a custom algorithm that checks for valid credit card numbers. Specifically, the malware looks for international credit cards that do not require PINs.
“FastPOS’s design sets it apart from other POS malware families,” says Trend Micro. “It appears to be designed to operate in situations where a large, enterprise-scale network may not be present: instead, it is designed for environments with a much smaller footprint.”
Researchers noted that FastPOS-related infections have been seen across the globe in the last five months, including in the United States, France, Brazil, Hong Kong, Japan and Taiwan.
Trend Micro identified the malware's attack vectors as a real-time file sharing service, compromised medical sites and brute-force attacks by cybercriminals.
Researchers say FastPOS is currently offered for sale on several underground forums, and believe the actors behind it are also advertising and selling the stolen payment card credentials.
For more information, read Trend Micro’s full report (PDF).