Security researchers at cyber threat intelligence company iSight Partners identified malware, called ModPOS, that targets retail point-of-sale systems. The malware's capabilities include scraping credit card numbers from POS systems’ memory, logging keystrokes, transmitting stolen data, and uploader/downloader functionality, according to a blog post by company Senior Director Stephen Ward.
Ward called ModPOS the “most sophisticated point of sale malware we have seen to date.” The malware has been secretly attacking retail and possibly food services, hospitality and healthcare companies since at least 2013.
The malware uses custom plugins to enable credential theft attacks and can be configured to target specific systems. iSight clients were briefed about the ModPOS discovery last month, and the firm said the malware's creators could use its functionality along with other capabilities to launch a highly advanced attack.
ModPOS’s code uses advanced persistent threat techniques and multiple levels of encryption to avoid detection. The malware “may have ties to Eastern Europe,” based on IP addresses and “other factors we are not disclosing,” the cyber firm said.
“Even if a merchant is PCI compliant, which is intended as a minimum set of standards to meet for securing cardholder data, it does not guarantee protection from these types of threats,” wrote J.D. Oder, CTO and senior vice president of research & development, Shift4 Corp., in an email to SCMagazine.com, about the malware discovery. “Therefore, the key to protecting cardholder data is to practice security beyond compliance by not leaving anything behind for hackers to steal.”