New malware goes directly to US ATMs and cash registers for card info
While many consumers already take precautions when shopping online, they may need to start being even more careful - as a new report shows malware is focusing on physical registers and ATMs compromised by attackers looking to harvest card data.
Research conducted by the Russian-based security company
Group-IB recently discovered malware called “Dump Memory Grabber,”
which it believes has already been used to steal debit and credit
card information from customers using major US banks including
Chase, Citibank and Capital One, Security Weekly reports.
The malicious code is evidently being installed directly into
point-of-sale (POS) hardware (meaning registers or kiosks) and
ATMs, and transmitting the harvested information straight out of
the magnetic stripes on credit and debit cards - which includes
everything from account numbers, to first and last names and
And just how are attackers infecting physical systems? Security
researchers point to USB drives as the likely culprits, as modern
register systems often have accessible ports, as well as direct
connections to the Web.
According to Security Weekly, the harvested information can then
be used to produce cloned cards, and they are likely succeeding
with the help of individuals with direct access to the POS systems
and ATMs - which could include employees.
Group-IB analyzed a video evidently posted by the coder behind
Dump Memory Grabber, which includes stolen card numbers, and
suggests he (or perhaps she) goes by the name “Wagner Richard,” and
is likely inside Russia.
This is of course not the first time that attacks have been directed at physical machines like registers or bank ATMs, though using malware is a stealthier approach than physical “skimmer” ploys, which involve mouldings placed on top of the ATM card slots and keypads that log information from unsuspecting customers.
Researchers with Group-IB believe that Dump Memory Grabber is
likely part of a larger cyber-crime gang, a Russian-offshoot of the
amorphous Anonymous community, and include members in Ukraine and
Armenia. In addition to this latest malware, the group is allegedly
also for hire to carry out DDoS attacks.