
Research Shows New Malware Threat Evades “Chip” Card Technology

Chip-enabled debit and credit card technology won’t stop the latest malware threat from stealing customers’ data.

A report published Tuesday by iSight Partners, a Dallas-based global cyber intelligence firm, disclosed details about what it describes as “the most sophisticated point-of-sale malware” it has seen to date.

Dubbed ModPOS (modular point-of-sale system), it is a comprehensive malware framework that the firm believes may have ties to Eastern Europe, based on IP addresses in reverse-engineered samples that resolve to that region.

“In a nutshell, this is not your daddy’s run-of-the-mill cybercrime malware,” iSight stated.

While tracking this “sophisticated” malware framework, iSight found that it typically employs “packed kernel drivers” that go out of their way to confuse security controls, allowing it to remain undetected as it burrows deep into POS machines.

According to the research, one module of the framework has been observed scraping credit card track data from memory and attaching itself to the POS environment, indicating that retail, food services, hospitality and health care could be at risk.

“We know that U.S. retailers have been targeted and believe it is very likely that criminal actors are seeking to compromise additional victims beyond those identified,” iSight said, noting that the firm first observed a small element of ModPOS in 2012, with known activity in late 2013 and active targeting of U.S. retailers through 2014. “Given its sophistication, it has taken our malware analysis ninjas a substantial amount of time to reverse engineer the software.”

A high-level summary of ModPOS was shared with iSight’s partners in December 2014. Now, the cyber intelligence firm is making the details and technical indicators publicly available in an effort to protect future victims and provide payment system operators with the information they need to hunt for the malware framework in their environments.

“We believe this very hard to detect malware is likely being used in broader campaigns and are disclosing details to help retailers and other organizations with POS and other payment processing systems hunt for and eradicate the malware,” iSight said.