While many consumers already take precautions when shopping online, they may need to start being even more careful – as a new report shows malware is focusing on physical registers and ATMs compromised by attackers looking to harvest card data.
Research conducted by the Russian-based security company Group-IB recently discovered malware called “Dump Memory Grabber,” which it believes has already been used to steal debit and credit card information from customers using major US banks including Chase, Citibank and Capital One, Security Weekly reports.
The malicious code is evidently being installed directly into point-of-sale (POS) hardware (meaning registers or kiosks) and ATMs, and transmitting the harvested information straight out of the magnetic stripes on credit and debit cards – which includes everything from account numbers, to first and last names and expiration dates.
And just how are attackers infecting physical systems? Security researchers point to USB drives as the likely culprits, as modern register systems often have accessible ports, as well as direct connections to the Web.
According to Security Weekly, the harvested information can then be used to produce cloned cards, and they are likely succeeding with the help of individuals with direct access to the POS systems and ATMs – which could include employees.
Group-IB analyzed a video evidently posted by the coder behind Dump Memory Grabber, which includes stolen card numbers, and suggests he (or perhaps she) goes by the name “Wagner Richard,” and is likely inside Russia.
This is of course not the first time that attacks have been directed at physical machines like registers or bank ATMs, though using malware is a stealthier approach than physical “skimmer” ploys, which involve mouldings placed on top of the ATM card slots and keypads that log information from unsuspecting customers.
Researchers with Group-IB believe that Dump Memory Grabber is likely part of a larger cyber-crime gang, a Russian-offshoot of the amorphous Anonymous community, and include members in Ukraine and Armenia. In addition to this latest malware, the group is allegedly also for hire to carry out DDoS attacks.