Security researchers have unearthed a POS malware sample aimed at shoppers' credit card data during the holiday season. The malware is still in development and lacks important features common in advanced POS RAM scrapers. Even so, experts warn that a finished version of the Getmypass malware could spell trouble for shoppers in the future.
A security researcher has discovered a new point-of-sale (POS) malware that is stealthier than BlackPOS, the malware used in the Target breach a year ago that leaked millions of customers' credit card records. The POS malware, known as Getmypass, was discovered just before Black Friday by Nick Hoffman. It has very low detection rates and, like other RAM scrapers, relies on card data being handled unencrypted in POS memory, which is where it collects credit and debit card data.
There is still no reason to panic: Getmypass is still in development, and it is highly unlikely that attackers got hold of your card data over the Black Friday weekend. For instance, the malware lacks command-and-control functionality that would allow an attacker to execute commands on an infected terminal remotely.
That notwithstanding, the malware could become considerably more sophisticated in later versions if it is not tracked. "It's important to track tools like this from their very young stages so that researchers can watch them develop and eventually grow into the next big tool," wrote Hoffman, adding that the sample evades more than 55 anti-virus engines.
Notably, Getmypass shares many traits with known POS RAM scrapers, such as the ability to search memory for credit card information, verify candidate card numbers with the Luhn algorithm, and write, encrypt and decrypt files. However, according to Hoffman, the malware cannot harvest cardholders' login credentials, send harvested files to a remote location, or log keystrokes.
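To make the search-and-verify step concrete, the following is an added example (not code from Getmypass or from Hoffman's analysis) of how a RAM scraper, or a defender scanning a POS process-memory dump, finds track data and discards false positives with the Luhn check. The memory buffer, the track layouts and the test PANs are constructed for illustration; the regexes reflect the common Track 1 and Track 2 field layout and are an assumption about what a given scraper actually searches for.

```python
import re

# Constructed sample of what a RAM scraper sees in a POS process: one Track 2
# record and one Track 1 record between unrelated bytes, plus a Track-2-shaped
# decoy whose PAN fails the Luhn check. PANs are standard test numbers, not real.
SAMPLE_MEMORY = (
    b"\x00\x00header\x00"
    b";4111111111111111=2512101123400001?"                   # Track 2: PAN=YYMM+service code
    b"\x00\x00junk 1234 5678\x00"
    b"%B5555555555554444^DOE/JANE^2601101000000000000000?"   # Track 1: PAN^name^YYMM...
    b"\x00;4111111111111112=2512101?\x00"                    # decoy, Luhn-invalid PAN
)

# Assumed track layouts: Track 2 is ";PAN=YYMM<service code>...?",
# Track 1 is "%BPAN^NAME^YYMM...?" (ISO/IEC 7813 style).
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{0,3})[^?]*\?")
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})[^?]*\?")


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn (mod-10) check."""
    if not pan.isdigit() or len(pan) < 13:
        return False
    total = 0
    # Walk from the rightmost digit; double every second digit and
    # subtract 9 from any doubled value above 9.
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_memory(buf: bytes) -> list[dict]:
    """Find track-shaped records in a buffer and keep only Luhn-valid PANs.

    This is the filter that separates real card data from random digit runs;
    without it a scraper (or a memory-dump triage script) drowns in noise.
    """
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_valid(pan):
            hits.append({"track": 2, "pan": pan, "exp": m.group(2).decode(),
                         "offset": m.start()})
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_valid(pan):
            hits.append({"track": 1, "pan": pan, "name": m.group(2).decode(),
                         "exp": m.group(3).decode(), "offset": m.start()})
    return sorted(hits, key=lambda h: h["offset"])


def mask(pan: str) -> str:
    """Keep only the BIN and last four digits, e.g. for a triage report."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


if __name__ == "__main__":
    for hit in scan_memory(SAMPLE_MEMORY):
        print(f"offset {hit['offset']:4d}  track {hit['track']}  "
              f"PAN {mask(hit['pan'])}  exp {hit['exp']}")
```

Run against the constructed buffer, the scan returns the two valid records and drops the decoy whose last digit was altered, which is exactly why RAM scrapers bother with Luhn before exfiltration. The same routine, pointed at a real memory dump of a POS process, is a quick way to confirm whether cleartext track data is reachable on a terminal at all.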
Getmypass is signed with a valid digital certificate, which lets it pass as genuine software and suggests that its authors are well resourced. In practice, most anti-malware tools fail to flag it on first sight, so it could sit undetected on a terminal for a long time.
Researchers have yet to observe the malware being used in the wild, but Hoffman says it is only a matter of time before its author releases an updated version that might be harder to contain. "This malware seems to be in its infancy," Hoffman wrote. "There are debug strings still existent in the malware that indicate to me that the author is still testing the tool or is still actively developing it."
Meanwhile, catching the malware at an early stage of development is a useful heads-up for the industry. It gives vendors and retailers an idea of what to expect should the malware be deployed at scale. "This analysis enables us and others in the industry to build new signatures to detect this particular component," concurs Christopher Budd, global threat communications manager at Trend Micro.
Whether or not Getmypass turns into a real threat to credit and debit cardholders, card users would do well to stay vigilant when shopping online or in retail stores, and to watch their statements for unfamiliar charges. Advanced POS RAM scrapers can be a financial nightmare for victims. Shoppers are also advised to apply updates and patches from their service providers as they are released.