The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: point of sale

New Point-of-Sale Malware Steals Credit Card Data via DNS Queries

New Point-of-Sale Malware Steals Credit Card Data via DNS Queries

February 09, 2018Swati Khandelwal
Cybercriminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect. A new strain of malware has now been discovered that relies on a unique technique to steal payment card information from point-of-sale (PoS) systems. Since the new POS malware relies upon User Datagram Protocol (UDP) DNS traffic for the exfiltration of credit card information, security researchers at Forcepoint Labs, who have uncovered the malware, dubbed it UDPoS . Yes, UDPoS uses Domain Name System (DNS) queries to exfiltrate stolen data, instead of HTTP that has been used by most POS malware in the past. This malware is also thought to be first of its kind. Besides using 'unusual' DNS requests to exfiltrate data, the UDPoS malware disguises itself as an update from LogMeIn —a legitimate remote desktop control service used to manage computers and other systems remo
Critical Oracle Micros POS Flaw Affects Over 300,000 Payment Systems

Critical Oracle Micros POS Flaw Affects Over 300,000 Payment Systems

January 31, 2018Wang Wei
Oracle has released a security patch update to address a critical remotely exploitable vulnerability that affects its MICROS point-of-sale (POS) business solutions for the hospitality industry. The fix has been released as part of Oracle's January 2018 update that patches a total of 238 security vulnerabilities in its various products. According to public disclosure by ERPScan, the security firm which discovered and reported this issue to the company, Oracle's MICROS EGateway Application Service, deployed by over 300,000 small retailers and business worldwide, is vulnerable to directory traversal attack. If exploited, the vulnerability ( CVE-2018-2636 ) could allow attackers to read sensitive data and receive information about various services from vulnerable MICROS workstations without any authentication. Using directory traversal flaw, an unauthorized insider with access to the vulnerable application could read sensitive files from the MICROS workstation, includi
Forever 21 Confirms Security Breach Exposed Customer Credit Card Details

Forever 21 Confirms Security Breach Exposed Customer Credit Card Details

January 01, 2018Swati Khandelwal
First notified in November of a data breach incident, popular clothing retailer Forever 21 has now confirmed that hackers stole credit card information from its stores throughout the country for several months during 2017. Although the company did not yet specify the total number of its customers affected by the breach, it did confirm that malware was installed on some point of sale (POS) systems in stores across the U.S. at varying times between April 3, 2017, and November 18, 2017. According to the company's investigation, which is still ongoing, the malware was designed to search for and likely steal sensitive customer credit card data, including credit card numbers, expiration dates, verification codes and, in some cases, cardholder names. Forever 21 has been using encryption technology since 2015 to protect its payment processing systems, but during the investigation, the company found that some POS terminals at certain stores had their encryption switched off, whic
Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

December 11, 2017Swati Khandelwal
Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting Banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia. Moscow-based security firm Group-IB published a 36-page report on Monday, providing details about the newly-disclosed hacking group, dubbed MoneyTaker , which has been operating since at least May 2016. In the past 18 months, the hacking group is believed to have conducted more than 20 attacks against various financial organisations—stolen more than $11 Million and sensitive documents that could be used for next attacks. According to the security firm, the group has primarily been targeting card processing systems, including the AWS CBR (Russian Interbank System) and SWIFT international bank messaging service (United States). " Criminals stole documentation for OceanSystems’ FedLink card processing system, which is used by 200 banks in Latin America
Hyatt Hotel Says Payment Systems Hacked with Credit-Card Stealing Malware

Hyatt Hotel Says Payment Systems Hacked with Credit-Card Stealing Malware

December 24, 2015Mohit Kumar
Hyatt Hotels Corporation is notifying its customers that credit card numbers and other sensitive information may have been stolen after it found malware on the computers that process customer payments. "We recently identified malware on computers that operate the payment processing systems for Hyatt-managed locations," the company announced on Wednesday. "As soon as we discovered the activity, we launched an investigation and engaged leading third-party cyber security experts." What type of information? The company didn't confirm whether the attackers succeeded in stealing payment card numbers, neither it say how long its network was infected or how many hotel chains were affected in the malware attack. But as the payment processing system was infected with credit-card-stealing malware, there is a possibility that hackers may have stolen credit card numbers and other sensitive information. What happened? Hyatt spokeswoman Stephanie Sheppard
Pro PoS — This Stealthy Point-of-Sale Malware Could Steal Your Christmas

Pro PoS — This Stealthy Point-of-Sale Malware Could Steal Your Christmas

December 01, 2015Swati Khandelwal
The point of Sale systems are the most tempting target for cyber crooks to steal your credit card information and with this Christmas, you need to be more careful while using your credit cards at retailers and grocery stores. Here's why… Cyber criminals are now selling a new powerful strain of Point of Sale (PoS) malware through underground forums. Like several POS malware families discovered last year, including vSkimmer and BlackPOS , the new malware is also designed to steal payment card data from the infected POS systems and support TOR to hide its C&C (Command and Control) servers. Pro PoS – Light Weight, Yet Powerful Malware However, the new malware, dubbed " Pro PoS ," packs more than just a PoS malware. Pro PoS weighs only 76KB, implements rootkit functionalities, as well as mechanisms to avoid antivirus detection, according to threat intelligence firm InfoArmor. What's even more interesting about this malware is… Pro P
New Point-of-Sale Malware Compromises 1,500 Devices Worldwide

New Point-of-Sale Malware Compromises 1,500 Devices Worldwide

May 24, 2014Mohit Kumar
In past few months, the malware developers are more focusing on proliferating and upgrading malicious malwares to target Point-of-Sale (POS) machines. Due to the lack of concern and security measures, point-of-sale (POS) systems have become an attractive target for cybercriminals and malware writers. BlackPOS malware caused massive data breaches in various US retailers targeting POS machines and the largest one is TARGET data breach occurred during the last Christmas holidays. The third-largest U.S. Retailer in which over 40 million Credit & Debit cards were stolen, used to pay for purchases at its 1500 stores nationwide in the U.S. Neiman Marcus, Michaels Store were also targeted involving the heist of possibly 110 million Credit-Debit cards, and personal information. BlackPOS malware was embedded in point-of-sale (POS) equipment at the checkout counters to collect secure data as the credit cards were swiped during transactions. Now the latest one is the ‘ Nemanj
Book Review: Hacking Point of Sale, In-Depth Study on Payment Applications

Book Review: Hacking Point of Sale, In-Depth Study on Payment Applications

May 20, 2014Swati Khandelwal
Point-of-sale (POS) is the hottest topic in payment structures and its one of the most popular technology topics as well. A Point-of-sale (POS) machine is a computerized replacement for a cash register. It has ability to quickly process a customer's transaction, accurately keep the records, process credit and debit cards , connect to other systems in a network, and manage inventory. A basic POS system would consist of a computer as its core part provided with application specific programs for the particular environment in which it will serve, along with a cash drawer, barcode scanner, receipt printer and the appropriate POS software. Point-of-sale (POS) terminals are used in most industries that have a point of sale such as a service desk, including restaurants, lodging, entertainment, and museums. Due to the better track inventory and accuracy of records, the Point-of-sale (POS) machine is used worldwide and it can be easily set-up, depending on the nature of the busi
Tor-enabled Point-of-Sale malware 'ChewBacca' stole Credit Card data from 11 Countries

Tor-enabled Point-of-Sale malware 'ChewBacca' stole Credit Card data from 11 Countries

January 31, 2014Swati Khandelwal
After the massive data breaches at U.S retailers Target and Neiman Marcus in which financial credentials of more than 110 million and 1.1 million customers were compromised respectively, shows that the Point of Sale (POS) system has become a new target for the cyber criminals. Despite the BlackPOS malware of Point of Sale (POS) system that comes out as the major cause of these data breaches, malware writers are upgrading and developing more Trojans to target POS system. In December, the security researchers at anti-virus firm Kaspersky Lab discovered a Tor-based banking trojan , dubbed " ChewBacca ", that was initially categorized as a Financial trojan, but recently security researchers at RSA have uncovered that 'ChewBacca' is also capable of stealing credit card details from point of sale systems. ‘ ChewBacca ’, a relatively new and private Trojan, used in the 11 countries as a POS malware is behind the electronic theft. ChewBacca communicat
23-Year-old Russian Hacker confessed to be original author of BlackPOS Malware

23-Year-old Russian Hacker confessed to be original author of BlackPOS Malware

January 21, 2014Unknown
In the previous reports of Cyber Intelligence firm ' IntelCrawler ' named Sergey Tarasov , a 17-year-old teenager behind the nickname " ree[4] ", as the developer of BlackPOS malware. BlackPOS also known as "reedum" or 'Kaptoxa' is an effective crimeware kit, used in the massive heist of possibly 110 million consumers' Credit-Debit cards, and personal information from the TARGET . Later Researchers's investigation revealed that the original coder of BlackPOS Malware was actually a 23-year-old young hacker named Rinat Shabayev and the teen, Sergey Taraspov is the incharge for the technical support department. In an interview with Russian channel ' LifeNews ', Rinat Shabayev admitted that he had developed the BlackPOS crimeware kit. He clarified that the program developed by him was not meant for any kind of data theft, instead the program was written for the security testing. He developed the malware with the he
More details about alleged 17-year-old Russian BlackPOS Malware Author released

More details about alleged 17-year-old Russian BlackPOS Malware Author released

January 20, 2014Anonymous
Security experts at IntelCrawler provided a new interesting update on BlackPOS malware author , that he forgot to delete his Social networking profile even after the last exposure from the investigators. As we have reported a few days before that the Intelligence firm IntelCrawler  has identified a 17 year old teenager, known as “ Ree [4] ” in the underground market, as the author of the BlackPOS /Kaptoxa malware used in the attack against Target and Neiman Marcus retailers. The teenager is not directly responsible for the Target attack, but he sold the BlackPOS to other Cyber Gangs, including the admin’s of underground credit cards market places, " . rescator ", " Track2 . name ", " Privateservices.biz " and many others were his clients. Who is Ree [ 4]? IntelCrawler exposed REE [ 4]'s original profile as Sergey Taraspov,  a 17 year old Russian programmer, based in St . Petersburg and Nizhniy Novgorod (Russian Federation). Before both brea
BlackPOS Malware used in TARGET Data Breach developed by 17-Year Old Russian Hacker

BlackPOS Malware used in TARGET Data Breach developed by 17-Year Old Russian Hacker

January 17, 2014Swati Khandelwal
The Holiday data breach at TARGET appeared to be part of a broad and highly sophisticated international hacking campaign against multiple retailers, involving the heist of possibly 110 million Credit-Debit cards, and personal information. Target confirmed last weekend that a malicious software was embedded in point-of-sale (POS) equipment at its checkout counters to collect secure data as the credit cards were swiped during transactions. The Malware called ' BlackPOS ' also known as " reedum " or ' Kaptoxa ' is an effective crimeware  kit, that was created in March 2013 and available in underground sites for $1800-$2000. Investigators from IntelCrawler found a 17-years old hacker who actually developed the BlackPOS crimeware kit. His nickname is ' ree4 ' and original name: ' Sergey Taraspov ' from  St . Petersburg  and  Nizhniy Novgorod ( Russian Federation). IntelCrawler's sources mentioned that the BlackPOS malware was created i
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.