What is POS Malware?

POS (point-of-sale) malware is memory-scraping malware that targets retail stores with the intention of stealing customers' financial data (most likely credit card data) from retail checkout systems.

It is usually embedded deep in the system, in places where antivirus software cannot find it or does not know what to do with it. Cybercriminals are known to launch stealthy POS attacks to steal customer data from retail storefronts in order to sell the stolen consumer data, rather than using it directly for their own benefit. Reduce the risk of being vulnerable to malware with SecureBox Containerization technology.

Malware Attacks on POS Systems

BlackPOS, Backoff, FrameworkPOS, BernhardPOS and, more recently, Multigrain are some of the notorious POS malware families that have terrorized small and medium-sized businesses by stealing consumer data.

Many IT departments now call this malware a process scanner because it looks at all the active processes on the computer and tries to steal information from them. It can also be considered a memory scraper because it prowls through all the processes and data in RAM and “scrapes” out anything that it thinks may be useful, such as credit card information.

How Point-of-Sale malware works

Point-of-sale malware scans memory for card data in a point-of-sale network. Once the malware has the information, it sends it to a C&C server, where the criminals can sift through it and obtain the credit card information they need. They then sell this information on top dark web markets, where other criminals use it for fraudulent purchases. Ideally, a POS station and other environments that handle sensitive data monitor, regulate or even block HTTP or FTP traffic, which could otherwise be used to exfiltrate the data being processed.

But because target organizations don't usually filter DNS traffic, data exfiltration over DNS by malware such as Multigrain goes unchecked.
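A defender can close part of that gap by reviewing resolver logs from POS hosts. The following is an added example, not code from the original page or from any vendor: a generic heuristic that flags a client sending several distinct queries whose longest label is long and high-entropy under one parent domain. The log format, host names, domains and thresholds are all assumptions, and the sample lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log ("<time> <client> <qname>"); all names are made up.
SAMPLE_LOG = """\
10:00:01 pos-01 www.example.com
10:00:02 pos-01 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.cdn.example.com
10:00:03 pos-01 76mk5hg4fe3dc2baab2cd3ef4gh5km67.example.org
10:00:04 pos-02 ab2cd3ef4gh5km6776mk5hg4fe3dc2ba.example.net
10:00:05 pos-02 k7m6h5g4f3e2dcbaabcd2e3f4g5h6m7k.example.net
10:00:06 pos-02 2a3b4c5d6e7fgkhmmhkgf7e6d5c4b3a2.example.net
"""

def shannon_entropy(s):
    """Bits per character of the string's own character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def looks_encoded(qname, min_len=30, min_entropy=3.5):
    """True if the longest label is both long and high-entropy (assumed thresholds)."""
    label = max(qname.rstrip(".").split("."), key=len)
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def flag_dns_exfil(log_text, min_hits=3):
    """Return {(client, parent_domain): count of distinct encoded-looking names},
    keeping only pairs that reach min_hits."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        qname = qname.lower().rstrip(".")
        if looks_encoded(qname):
            # Simplification: parent = last two labels (no public-suffix list).
            parent = ".".join(qname.split(".")[-2:])
            hits[(client, parent)].add(qname)
    return {k: len(v) for k, v in hits.items() if len(v) >= min_hits}

if __name__ == "__main__":
    for (client, parent), n in flag_dns_exfil(SAMPLE_LOG).items():
        print(f"{client}: {n} encoded-looking queries under {parent}")
```

Requiring both length and entropy keeps the long but repetitive CDN name out of the results, and the per-client count keeps a single odd lookup from raising an alert.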

How to detect POS malware

Finding this malware can be difficult, and you may not even realize you’re infected. However, IT departments may be able to notice the warning signs first, as the infection will show up as codes when open processes fail and the scan processes don’t work.

The problem is that you can’t see the malware until it wants to be seen, which is usually never. It can spread to other areas of the system and other systems.

SecureBox detects the point-of-sale malware that infects POS systems with the help of containerization technology. Containerization works on the principle of a Default Deny strategy: it aims to keep the malware off the computer by performing financial transactions in a virtual container. It wraps the sensitive applications in a container where suspicious files are denied access, so that the data in the applications remains secure.

To prevent point-of-sale malware infection, you can:

  • Download our product
  • Patch systems frequently
  • Keep everything up to date, especially Point of Sale Security features

Protecting POS Systems from POS Attacks

Comodo SecureBox Containment Technology provides the solution to detect and thwart malware attacks even when your system is infected with POS malware.

There have been constant improvements in POS security software to detect and thwart malware attacks in the recent past. However, despite the best efforts to combat growing malware threats, there are obvious vulnerabilities in POS security technology that allow POS attacks to impair its smooth operation.

POS operators can mitigate the damage from point-of-sale malware by complying with the PCI DSS regulations, performing routine penetration testing and vulnerability scanning, adopting EMV technology, implementing two-factor authentication for remote devices, and embracing widespread data and hardware encryption to safeguard transactional information. Contact us today to secure your system from POS malware and to learn more about POS security.

