4,500++ payment cards have been compromised in the United States and Canada by a new point-of-sale (POS) malware,named it as the JackPOS, that is based on Alina.According to researchers with cyber intelligence company IntelCrawler, they are launched a POS malware infection map that shows 4,533 payment cards have already been compromised.
They are found 11 infections in locations including Idaho, California, Utah, Missouri, South Carolina, Pennsylvania, Vancouver and Quebec.
Andrew Komarov, CEO at IntelCrawler said “Several of the found loaders used in detected ‘Drive-by’ download attack are written using obfuscated compiled AutoIt script, which became quite popular method to avoid AV detection in order to unpack additional binary malicious code and execute further instructions received from the C&C server.”
"The bad actors have used some sophisticated scanning, loading, and propagating techniques to attack these vectors to look to get into the merchants system thru external perimeters and then move to card processing areas, which were possibly not separated in compliance with PCI polices."
The loaders used in the "Drive-by" download attack has been written in obfuscated and compiled AutoIt Script. Researcher says it is a technique to avoid AV detection and unpack additional malicious codes that will receive instructions from C&C server.
JackPOS is distributed by cybercriminals through drive-by attacks. The malware is disguised as the Java Update Scheduler. In Bangalore, India, and Madrid, Spain, the number of affected cards is 420 and 230, respectively.
No comments:
Post a Comment