Cybercriminals continue to rely on point-of-sale (POS) malware in order to steal payment card information from companies. Researchers have uncovered a new piece of POS malware which they’ve dubbed JackPOS.
According to IntelCrawler, several attacks using JackPOS have been spotted over the past three weeks. The list of targeted countries includes Brazil, Canada, France, India, Spain, and the United States. Experts have also seen stolen card data from Argentina, Korea and other countries.
JackPOS is distributed by cybercriminals through drive-by attacks. The malware is disguised as the Java Update Scheduler.
“Several of the found loaders used in detected ‘Drive-by’ download attack are written using obfuscated compiled AutoIt script, which became quite popular method to avoid AV detection in order to unpack additional binary malicious code and execute further instructions received from the C&C server,” IntelCrawler noted in its report.
“The bad actors have used some sophisticated scanning, loading, and propagating techniques to attack these vectors to look to get into the merchants system thru external perimeters and then move to card processing areas, which were possibly not separated in compliance with PCI polices.”
The company’s representatives have told Canadian publication The Globe and Mail that JackPOS has been used to compromise close to 700 credit cards in Canada. The details of 3,000 cards have been stolen in Sao Paolo, Brazil.
In Bangalore, India, and Madrid, Spain, the number of affected cards is 420 and 230, respectively.
It’s worth noting that JackPOS is not an entirely new piece of malware. Experts say it’s based on code from Alina, another notorious threat designed to steal information from POS terminals.
IntelCrawler has published a POS malware infection map that monitors threats such as Alina, BlackPOS (the Trojan used in the Target attack), Dexter and JackPOS.