Wednesday, December 12, 2012

"Dexter" malware steals credit card data from point-of-sale terminals

A researcher has uncovered new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and other businesses.

Dexter, as the malware is called, has infected hundreds of point-of-sale computers at big-name retailers, hotels, restaurants, and other businesses, according to a report issued by Aviv Raff, chief technology officer of Israel-based security firm Seculert. Businesses infected in the past three months are located in 40 different countries, with 30 percent of those compromised located in the US, 19 percent in the UK, and nine percent in Canada. Malware that infects point-of-sale terminals can be one of the most efficient ways to carry out payment card fraud because it targets machines with access to large amounts of the required data.

"Instead of going through the trouble of infecting tens of thousands of PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few POS systems with specially crafted malware," Raff wrote. "Dexter is one example of such malware."

Dexter has infected systems running a variety of different versions of Windows, including XP, Home Server, Server 2003, and Windows 7. Once installed, Dexter uploads the contents of computer memory to a server located in the Republic of Seychelles. An online parsing tool then attempts to ferret out Track 1 and Track 2 card data processed by various POS applications. The data is then retrieved by the malware operators, presumably for the purpose of cloning payment cards.
 
It remains unclear how POS systems are infected by Dexter, which gets its name from a string of text found in one of its files. The large percentage of infected Windows servers suggests Web-based exploits and social engineering traps aren't likely vectors, since those types of machines typically aren't used to browse Web pages. Raff declined to identify the businesses infected by the malware.
