POS Malware is a type of malware that targets POS payment acceptance systems to steal payment-related card data by scraping the device’s memory (RAM scraping), by screen capturing or by keylogging. The malware vulnerabilities in the POS ecosystem and infects POS terminals where credit and debit cards are swiped and card data is captured. This data is then exfiltrated to servers under the control of cyber criminals. While earlier POS malware stored and then exfiltrated data periodically, the latest versions immediately send the captured data.
How POS malware infects POS systems?
Cyber criminals employ a variety of methods to infect POS systems. The malware is delivered through
Most common types of POS malware are keyloggers. Cyber criminals target employees of businesses using POS systems. Phishing – emails with malware attachments are sent to them and they are tricked into downloading or opening the attachment. This unleashes the malware that often installs as a service with a legitimate-looking name. They maintain a low-profile that makes detecting them very difficult.
Vulnerabilities allowing POS malware
In credit and debit cards the data is stored in two ways – with magnetic stripes or with electronic chips. Magnetic stripes are more vulnerable to malware attacks and thefts, rather than electronic EMV chips. Europe has moved onto EMV chip cards while the rest of the world is in the process of completely migrating to chip-based cards.
Whenever a card is swiped in a POS machine the authenticity of the card data has to be verified. During this process, the data on the magnetic stripe of credit card resides temporarily in the form of plain text in the RAM of PoS terminal/device. Cyber criminals are exploiting this fact to steal the card data. These PoS RAM scrapers steal the track one and track two data on credit/ debit cards from the RAM of PoS systems. Since this payment data has to be processed it is decrypted in the PoS’s RAM. The POS malware harvests the payment data and sends the data to servers under the control of cyber criminals.
Ways to Combat Point of Sale Malware
Employee education – employees must be educated about internet security. They must be instructed not to open attachments from unknown sources. They must not click on embedded links. If such links must be clicked on then the link must be copied and pasted in a text document to verify what the link actually is.
Endpoint security/ Antivirus Solution – A robust endpoint security solution must be installed and managed. Any applications specific to the business could be containerized so that the data does not leak out
Firewall security – A strong firewall that effectively monitors both inward and outward traffic for unauthorized data flow.
Whitelisting – Endpoint application control that allows execution of only whitelisted applications.
Following the above-mentioned security measures will help combat point of sale malware.
