Advanced vSkimmer malware targets POS systems to steal credit card info
Researchers have uncovered new malware designed specifically to steal credit card information from point-of-sale (POS) systems that are based on the Windows operating system.
Known as vSkimmer, the Trojan-like malware was first detected by McAfee's Automated Botnet Replication Framework last month. The security vendor has since analyzed samples to determine its capabilities, which are outlined in a blog post.
vSkimmer actively scans for connected card readers and will extract "Track 2" information directly from credit cards, as well as siphon off pertinent financial information from the attached Windows host machine. All stolen data is transmitted back to a control server. For POS terminals not connected to the Internet, McAfee says vSkimmer can also function offline by copying out information to a USB drive with a specific volume name.
The extraction of Track 2 data is worrisome, as it can be used to clone an additional card, though credit cards based on the new EMV (chip and PIN) standard are protected. Support for EMV is expected to be added later this year, however, according to a FAQ with the author of the malware. It's worth noting that vSkimmer's support for offline data extraction was clearly designed to support credit card fraud conducted with insider help.
Chintan Shah, a security researcher at McAfee, puts it this way: "vSkimmer is another example of how financial fraud is actively evolving and how financial Trojans are developed and passed around in the underground community."