
'ChewBacca' POS malware uncovered in the wild

31 January 2014

RSA researchers have uncovered a new point-of-sale malware operation emanating from Eastern Europe that has succeeded in scraping payment card data from small retailers in 11 countries.

While most of the infection activity has occurred in the US, the malware - dubbed ChewBacca - has also been spotted in the wild in 10 other countries including Russia, Canada and Australia. RSA researchers discovered that, beginning 25 October, ChewBacca had logged track 1 and 2 data of almost 50,000 payment cards it had scraped from infected PoS systems.

RSA says it has been in contact with victim companies and the FBI to shut down the command-and-control server logging the data and to share key forensics data.

The ChewBacca Trojan featured simple keylogging and memory-scraping functionality to search for regular expressions of card mag-stripe data. If a card number is found, it is extracted and logged by the server.

RSA's findings come as US retailer Target said that the recent breach of its POS platform that lifted details of over 100 million cardholders may have occurred through the use of a vendor's stolen credentials. Two other major US retailers - Neiman Marcus and Michaels - have also seen their POS systems attacked using similar malware engineering techniques.

Target may be on the receiving end of $1 billion in breach fines levied by the Payment Card Industry Security Standard Council, according to an analyst note from Jefferies.

"Retailers have a few choices against these attackers," says Yotam Gottesman, a senior security researcher at RSA's FirstWatch team. "They can increase staffing levels and develop leading-edge capabilities to detect and stop attackers via comprehensive monitoring and incident response, or they can encrypt or tokenize data at the point of capture and ensure that it is not in plaintext view on their networks, thereby shifting the risk and burden of protection to the card issuers and their payment processors."
Keywords: EFTPOS

Comments: (1)

A Finextra member | 31 January, 2014, 10:43

So card issuers and payment processors have to be PCI compliant but retailers and their POS providers don't?
