Target malware similar to earlier Trojans designed to hack POS systems
Security researchers investigating Target's mega data breach have reportedly found similarities between the malware used for attacking the retailer and a previously known Trojan program designed to steal data from Point-of-Sale (POS) systems.
iSight Partners have found the attack tool, dubbed Trojan POSRAM, which is a software that can find, store, and transmit credit card and PIN numbers from POS systems.
According to PC World, the security company said that the malicious software is being used in a persistent, wide ranging, and sophisticated cyber campaign, dubbed KAPTOXA, targeting 'many operators' of POS systems.
POSRAM Trojan has been described by security analyst Tiffany Jones, as a customized version of BlackPOS, a piece of malware designed to steal a card's magnetic stripe data while it is stored momentarily in a POS system's memory, just after a credit or debit card is swiped at the terminal.
Once bugging a POS terminal, the malware monitors the memory address spaces on the device for specific information and saves data to a local file and then transfers it to the attackers at preset times.
Jones said that at least 75 percent of the code in POSRAM is similar to the code in BlackPOS, and differs only in the methods used to evade detection by anti-malware tools as it contains a new kind of attack method that conceals all data transfers and executions.
Target's security breach had compromised data of about 110 million of its consumers including their personal information like emails, phone numbers, and full names.
At least three other retailers are believed to be attacked by the same malware, including Neiman Marcus, the report added.
(Posted on 21-01-2014)