#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

POS Malware | Breaking Cybersecurity News | The Hacker News

Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

Feb 01, 2023 Payment Security / Risk
The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as  Prilex  have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky  said  it detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking its criminal scheme a notch higher. Having evolved out of ATM-focused malware into PoS malware over the years since going operational in 2014, the threat actor has steadily incorporated new features that are designed to facilitate credit card fraud, including a technique called  GHOST transactions . While contactless payments have taken off in a big way, in part due to the COVID-19 pandemic, the underlying motive behind the new functionality is to disable the feature so as to force the user to insert the card into the PIN pad. To that end, the latest version of Prilex, which Kaspersky disc
Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware

Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware

Sep 29, 2022
A Brazilian threat actor known as  Prilex  has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky researchers  said . "This enables the attackers to keep updating their tools in order to find a way to circumvent the authorization policies, allowing them to perform their attacks." The cybercrime group emerged on the scene with ATM-focused malware attacks in the South American nation, providing it the ability to break into ATM machines to perform jackpotting – a type of attack aiming to dispense cash illegitimately – and clone thousands of credit cards to steal funds from the targeted bank's customers. Prilex's modus operandi over the years has since evolved to take advantage of processes relating to point-of-sale
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware

FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware

Mar 10, 2021
Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies. One such group is  FIN8 , a financially motivated threat actor that's back in action after a year-and-a-half hiatus with a powerful version of a backdoor with upgraded capabilities including screen capturing, proxy tunneling, credential theft, and  fileless execution . First documented in 2016 by FireEye, FIN8 is known for its attacks against the retail, hospitality, and entertainment industries while making use of a wide array of techniques such as spear-phishing and malicious tools like  PUNCHTRACK  and  BADHATCH  to steal payment card data from point-of-sale (POS) systems. "The FIN8 group is known for taking long breaks to improve  TTPs  and increase their rate of success," Bitdefender researchers  said  in a report published
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

Nov 12, 2020
Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices. The backdoor — dubbed "ModPipe" — impacts Oracle MICROS Restaurant Enterprise Series (RES) 3700 POS systems, a widely used software suite in restaurants and hospitality establishments to efficiently handle POS, inventory, and labor management. A majority of the identified targets are primarily located in the US. "What makes the backdoor distinctive are its downloadable modules and their capabilities, as it contains a custom algorithm designed to gather RES 3700 POS database passwords by decrypting them from Windows registry values," ESET researchers said in an analysis . "Exfiltrated credentials allow ModPipe's operators access to database contents, including various definitions and configuration, status tables and information ab
Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale

Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale

Jan 30, 2020
Remember the recent payment card breach at Wawa convenience stores ? If you're among those millions of customers who shopped at any of 850 Wawa stores last year but haven't yet hotlisted your cards, it's high time to take immediate action. That's because hackers have finally put up payment card details of more than 30 million Wawa breach victims on sale at Joker's Stash, one of the largest dark web marketplaces where cybercriminals buy and sell stolen payment card data. As The Hacker News reported last month, on 10th December Wawa learned that its point-of-sale servers had malware installed since March 2019, which stole payment details of its customers from potentially all Wawa locations. At that time, the company said it's not aware of how many customers may have been affected in the nine-month-long breach or of any unauthorized use of payment card information as a result of the incident. Now it turns out that the Wawa breach marked itself in the
Landry's Restaurant Chain Suffers Payment Card Theft Via PoS Malware

Landry's Restaurant Chain Suffers Payment Card Theft Via PoS Malware

Jan 02, 2020
Landry's, a popular restaurant chain in the United States, has announced a malware attack on its point of sale (POS) systems that allowed cybercriminals to steal customers' payment card information. Landry's owns and operates more than 600 bars, restaurants, hotels, casinos, food and beverage outlets with over 60 different brands such as Landry's Seafood, Chart House, Saltgrass Steak House, Claim Jumper, Morton's The Steakhouse, Mastro's Restaurants, and Rainforest Cafe. According to the  breach notification published this week, the malware was designed to search for and likely steal sensitive customer credit card data, including credit card numbers, expiration dates, verification codes and, in some cases, cardholder names. The PoS malware infected point-of-sale terminals at all Landry's owned locations, but, fortunately, due to end-to-end encryption technology used by the company, attackers failed to steal payment card data from cards swiped at its
Hackers Stole Customers' Payment Card Details From Over 700 Wawa Stores

Hackers Stole Customers' Payment Card Details From Over 700 Wawa Stores

Dec 20, 2019
Have you stopped at any Wawa convenience store and used your payment card to buy gas or snacks in the last nine months? If yes, your credit and debit card details may have been stolen by cybercriminals. Wawa, the Philadelphia-based gas and convenience store chain, disclosed a data breach incident that may have exposed payment card information of thousands of customers who used their cards at about any of its 850 stores since March 2019. What happened? According to a press release published on the company's website, on 4th March, attackers managed to install malware on its point-of-sale servers used to process customers' payments. By the time it was discovered by the Wawa information security team on 10th December, the malware had already infected in-store payment processing systems at "potentially all Wawa locations." That means attackers were potentially stealing Wawa customers' payment card information until the malware was entirely removed by its
Hackers Stole Customers' Credit Cards from 103 Checkers and Rally's Restaurants

Hackers Stole Customers' Credit Cards from 103 Checkers and Rally's Restaurants

May 31, 2019
If you have swiped your payment card at the popular Checkers and Rally's drive-through restaurant chains in past 2-3 years, you should immediately request your bank to block your card and notify it if you notice any suspicious transaction. Checkers, one of the largest drive-through restaurant chains in the United States, disclosed a massive long-running data breach yesterday that affected an unknown number of customers at 103 of its Checkers and Rally's locations—nearly 15% of its restaurants. The impacted restaurants [ name, addresses and exposure dates ] reside in 20 states, including Florida, California, Michigan, New York, Nevada, New Jersey, Florida, Georgia, Ohio, Illinois, Indiana, Delaware, Kentucky, Louisiana, Alabama, North Carolina, Pennsylvania, Tennessee, West Virginia and Virginia. After becoming aware of a "data security issue involving malware" at some Checkers and Rally's locations, the company launched an extensive investigation which r
New Point-of-Sale Malware Steals Credit Card Data via DNS Queries

New Point-of-Sale Malware Steals Credit Card Data via DNS Queries

Feb 09, 2018
Cybercriminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect. A new strain of malware has now been discovered that relies on a unique technique to steal payment card information from point-of-sale (PoS) systems. Since the new POS malware relies upon User Datagram Protocol (UDP) DNS traffic for the exfiltration of credit card information, security researchers at Forcepoint Labs, who have uncovered the malware, dubbed it UDPoS . Yes, UDPoS uses Domain Name System (DNS) queries to exfiltrate stolen data, instead of HTTP that has been used by most POS malware in the past. This malware is also thought to be first of its kind. Besides using 'unusual' DNS requests to exfiltrate data, the UDPoS malware disguises itself as an update from LogMeIn —a legitimate remote desktop control service used to manage computers and other systems remo
Forever 21 Confirms Security Breach Exposed Customer Credit Card Details

Forever 21 Confirms Security Breach Exposed Customer Credit Card Details

Jan 01, 2018
First notified in November of a data breach incident, popular clothing retailer Forever 21 has now confirmed that hackers stole credit card information from its stores throughout the country for several months during 2017. Although the company did not yet specify the total number of its customers affected by the breach, it did confirm that malware was installed on some point of sale (POS) systems in stores across the U.S. at varying times between April 3, 2017, and November 18, 2017. According to the company's investigation, which is still ongoing, the malware was designed to search for and likely steal sensitive customer credit card data, including credit card numbers, expiration dates, verification codes and, in some cases, cardholder names. Forever 21 has been using encryption technology since 2015 to protect its payment processing systems, but during the investigation, the company found that some POS terminals at certain stores had their encryption switched off, whic
Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

Dec 11, 2017
Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting Banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia. Moscow-based security firm Group-IB published a 36-page report on Monday, providing details about the newly-disclosed hacking group, dubbed MoneyTaker , which has been operating since at least May 2016. In the past 18 months, the hacking group is believed to have conducted more than 20 attacks against various financial organisations—stolen more than $11 Million and sensitive documents that could be used for next attacks. According to the security firm, the group has primarily been targeting card processing systems, including the AWS CBR (Russian Interbank System) and SWIFT international bank messaging service (United States). " Criminals stole documentation for OceanSystems' FedLink card processing system, which is used by 200 banks in Latin America
Hackers Steal Payment Card Data From Over 1,150 InterContinental Hotels

Hackers Steal Payment Card Data From Over 1,150 InterContinental Hotels

Apr 20, 2017
InterContinental Hotels Group (IHG) is notifying its customers that credit card numbers and other sensitive information may have been stolen after it found malware on payment card systems at 1,174 franchise hotels in the United States. It's the second data breach that U.K.-based IHG, which owns Holiday Inn and Crowne Plaza, has disclosed this year. The multinational hotel conglomerate confirmed a credit card breach in February which affected 12 of its hotels and restaurants. What happened? IHG identified malware accessing payment data from cards used at front desk systems between September 29 and December 29, 2016, but the malware was erased after the investigation got completed in March 2017. "Many IHG-branded locations are independently owned and operated franchises and certain of these franchisee operated locations in the Americas were made aware by payment card networks of patterns of unauthorized charges occurring on payment cards after they were legitimately us
Data Breach — Oracle's Micros Payment Systems Hacked

Data Breach — Oracle's Micros Payment Systems Hacked

Aug 09, 2016
The risks associated with data breaches continue to grow, impacting a variety of industries, tech firms, and social networking platforms. In the past few months, over 1 Billion credentials were dumped online as a result of mega breaches in popular social networks. Now, Oracle is the latest in the list. Oracle has confirmed that its MICROS division – which is one of the world's top three point-of-sale (POS) services the company acquired in 2014 – has suffered a security breach. Hackers had infected hundreds of computers at Oracle's point-of-sale division, infiltrated the support portal used by customers, and potentially accessed sales registers all over the world. The software giant came to know about the data breach after its staff discovered malicious code on the MICROS customer support portal and certain legacy MICROS systems. Hackers likely installed malware on the troubleshooting portal in order to capture customers' credentials as they logged in. These us
Over 1000 Wendy's Restaurants Hit by Credit Card Hackers

Over 1000 Wendy's Restaurants Hit by Credit Card Hackers

Jul 08, 2016
The Popular fast-food restaurant chain Wendy's on Thursday admitted that a massive cyber attack had hit more than 1,000 of its restaurants across the country. The burger chain did not speculate how many people may have been affected, though it did confirm that the hackers were able to steal its customers' credit and debit card information. The data breach is more than three times bigger than initially thought. The original data breach was believed to have affected " fewer than 300 " of its 5,144 franchised locations in the United States when the malware was discovered in May. The Malware had been installed on Point-of-Sale (PoS) systems in the affected restaurants and was able to obtain cardholder's name, payment card number, expiration date, service code, cardholder verification value, among other data. The data breach began in fall 2015 and discovered in February this year, and the company went public with in May. Just last month, Wendy's s
Russian ATM Hackers Steal $4 Million in Cash with 'Reverse ATM Hack' Technique

Russian ATM Hackers Steal $4 Million in Cash with 'Reverse ATM Hack' Technique

Nov 25, 2015
Russian hackers have discovered a novel technique to rip off Millions of dollars from banks and ATMs. Criminals in Russia used a technique, called " Reverse ATM Attack ," and stole 252 Million Rubles ( US$3.8 Million ) from at least five different banks, according to the information obtained by Russian digital intelligence firm Group-IB . What is Reverse ATM Attack? According to the intelligence firm, an attacker would deposit sums of 5,000, 10,000 and 30,000 Rubles into legitimate bank accounts using ATMs, and immediately withdraw the same amounts right away with a printed receipt of the payment transaction. The details included in the receipt, containing a payment reference number and the amount withdrawn, would then be transferred to a partner hacker, who had remote access to the infected POS terminals, usually located outside of Russia. Also Read: German Bank ATMs vulnerable to Hackers The partner hacker would then use these details to perform a reversal
New "PoSeidon" Point of Sale Malware Spotted in the Wild

New "PoSeidon" Point of Sale Malware Spotted in the Wild

Mar 23, 2015
A new and terribly awful breed of Point-of-Sale (POS) malware has been spotted in the wild by the security researchers at Cisco's Talos Security Intelligence & Research Group that the team says is more sophisticated and nasty than previously seen Point of Sale malware. The Point-of-Sale malware, dubbed " PoSeidon ", is designed in a way that it has the capabilities of both the infamous Zeus banking Trojan and BlackPOS malware which robbed Millions from US giant retailers, Target in 2013 and Home Depot in 2014. PoSeidon malware scrapes memory from Point of Sale terminals to search for card number sequences of principal card issuers like Visa, MasterCard, AMEX and Discover, and goes on using the Luhn algorithm to verify that credit or debit card numbers are valid. The malware then siphon the captured credit card data off to Russian (.ru) domains for harvesting and likely resale, the researchers say. "PoSeidon is another in the growing number
'The Home Depot' Data Breach Put 56 Million Payment Cards at Risk

'The Home Depot' Data Breach Put 56 Million Payment Cards at Risk

Sep 19, 2014
Home Depot , the nation's largest home improvement retailer, announced on Thursday that a total of 56 million unique payment cards were likely compromised in a data breach at its stores, suggesting that the data breach on Home improvement chain was larger than the Target data breach that occurred last year during Christmas holidays. The data theft occurred between April and September at Home Depot stores in both the United States and Canada, but the confirmation comes less than a week after the retailer first disclosed the possibility of a breach. " We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges, " Home Depot CEO Frank Blake said in a statement. " From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so. " It is believe that the cybercriminals successfully compromised the
BrutPOS Botnet Compromises insecure RDP Servers at Point-of-Sale Systems

BrutPOS Botnet Compromises insecure RDP Servers at Point-of-Sale Systems

Jul 10, 2014
Cyber criminals are infecting thousands of computers around the world with malware and are utilizing those compromised machines to break into Point-of-Sale (PoS) terminals using brute-force techniques, and the attackers have already compromised 60 PoS terminals by brute-force attacks against poorly-secured connections to guess remote administration credentials, says researchers from FireEye. The new botnet campaign, dubbed as BrutPOS , aims to steal payment card information from the POS systems and and other places where payment data is stored, by targeting Microsoft Remote Desktop Protocol (RDP) servers that were disgracefully using poorly secured and simple passwords. Due to the better track inventory and accuracy of records, the Point-of-sale (POS) machine is used worldwide and it can be easily set-up, depending on the nature of the business. But, Point-of-sale (POS) systems are critical components in any retail environment and the users are not aware of the emerging
POS Machine Vendor Warns of Possible Payment Card Breach at Restaurants

POS Machine Vendor Warns of Possible Payment Card Breach at Restaurants

Jul 03, 2014
Due to the better track inventory and accuracy of records, Point-of-sale (POS) systems are being used in most of the industries including restaurants, lodging, entertainment, and museums around the world. It can be easily set-up depending on the nature of the business. Despite that, Point-of-sale (POS) systems are critical components in any retail environment and users are not aware of the emerging threats it poses in near future. So, it is one of the apparent target for cybercriminals and the recent security breach at Information Systems & Suppliers (ISS) proves this. Information Systems & Suppliers (ISS) Inc., the vendor of point-of-sale (POS) electronic cash registers and security systems used by restaurants has warned its customers that it may have experienced a payment card breach. HACKERS COMPROMISED VENDOR'S LogMeIn SERVICE The company on June 12 notified restaurant customers of its remote-access service, the popular LogMeIn, had been compromised
Cybersecurity Resources