Wednesday 5 February 2014

What Is POS Malware?

POS system: Point of Sale systems are used at the point of transaction in retail. They consist of the hardware and software used to read and process cardholder data from credit or debit cards.

When the consumer uses a card in a POS system, the card's magnetic stripe is read and the PIN entered on the PIN pad is formatted into a PIN block, which is encrypted and sent for approval to the merchant gateway. The gateway uses an HSM (Hardware Security Module) to decrypt the PIN block under the terminal's key and re-encrypt it under the key shared with the bank, which confirms that the PIN is correct. The confirmation is communicated back to the POS, which approves the transaction. Note that this protection covers the PIN: the account data read from the magnetic stripe (the track data) is often handled in clear text by the POS application itself, which is what the malware described below takes advantage of.

Source: citoc.com
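To make the "PIN block" in the flow above concrete, here is an added example (not code from the original post) that builds and parses an ISO 9564 format 0 PIN block, the format most PIN pads use: the PIN, prefixed with its length and padded with F nibbles, is XORed with the rightmost twelve digits of the PAN (excluding the check digit). This is the clear block the PIN pad encrypts under its PIN key before anything leaves the terminal; the encryption and the HSM key translation are omitted here. The PAN and PIN are constructed test values.

```python
# ISO 9564 format 0 ("ANSI") PIN block: PIN field XOR PAN field, 8 bytes.
# Added example; test PAN/PIN are constructed values, not real card data.

def pan_field(pan: str) -> bytes:
    """'0000' + rightmost 12 digits of the PAN excluding the Luhn check digit."""
    if not pan.isdigit() or len(pan) < 13:
        raise ValueError("PAN must be at least 13 digits")
    return bytes.fromhex("0000" + pan[:-1][-12:])

def pin_field(pin: str) -> bytes:
    """'0' + PIN length (one hex digit) + PIN digits, padded with 'F' to 16 nibbles."""
    if not pin.isdigit() or not 4 <= len(pin) <= 12:
        raise ValueError("PIN must be 4-12 digits")
    return bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))

def encode_pin_block(pin: str, pan: str) -> bytes:
    """Clear format-0 PIN block; the PIN pad encrypts this under its PIN key."""
    return bytes(a ^ b for a, b in zip(pin_field(pin), pan_field(pan)))

def decode_pin_block(block: bytes, pan: str) -> str:
    """Recover the PIN from a clear format-0 block (what the issuer's HSM does).
    The PAN binds the block: the wrong PAN yields garbage padding and is rejected."""
    if len(block) != 8:
        raise ValueError("PIN block must be 8 bytes")
    field = bytes(a ^ b for a, b in zip(block, pan_field(pan))).hex().upper()
    if field[0] != "0":
        raise ValueError("not a format-0 PIN block")
    length = int(field[1], 16)
    pin, pad = field[2:2 + length], field[2 + length:]
    if not 4 <= length <= 12 or not pin.isdigit() or pad != "F" * len(pad):
        raise ValueError("corrupt PIN block or wrong PAN")
    return pin

if __name__ == "__main__":
    # Constructed test values (4111111111111111 is a well-known test PAN).
    block = encode_pin_block("1234", "4111111111111111")
    print(block.hex().upper())                    # 041225EEEEEEEEEE
    print(decode_pin_block(block, "4111111111111111"))
```

Because the PAN is mixed into the block, an attacker who captures an encrypted PIN block cannot replay it against a different account, and a block that decrypts to invalid padding is a sign of a wrong key or wrong PAN rather than a valid PIN.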
POS Malware: POS systems can also be targeted with physical devices, a tactic known as "skimming". Skimming takes many forms: fake hardware overlays, pre-compromised POS devices and DIY kits. These methods intercept the card data before it reaches the network and deliver it to the attackers.

Software attacks are usually carried out with a class of malware called a memory scraper (also RAM scraper), which reads the memory of the POS process and filters it for card data, typically by pattern-matching Track 1 and Track 2 data and often validating candidate card numbers with the Luhn check.

More sophisticated families have since emerged, such as Dexter, Alina and Stardust (a variant of Dexter). The latest, BlackPOS, the code responsible for the Target breach, has baffled security experts.

What distinguishes BlackPOS from a generic memory scraper is not that it runs in memory (every memory scraper does) but that it was specifically customized to the organization it infiltrates, in this case Target's home-grown POS systems.

It also uses specific hooking points and encrypts the stolen data as it is exported, in order to evade detection systems. BlackPOS also features extensive anti-forensic and cleanup modules that allow it to operate on machines running POS software while leaving very few traces.
