New POS Malware Steals Data via DNS Traffic

Researchers at Forcepoint have discovered new point-of-sale (POS) malware disguised as a LogMeIn service pack that is designed to steal data from the magnetic stripe on the back of payment cards. The malware, which Forcepoint is calling UDPoS, is somewhat different from the usual POS tools in that it uses UDP-based DNS traffic to sneak stolen credit and debit card data past firewalls and other security controls. It is also one of the few new POS malware tools to surface in some time, according to the company.
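One way a defender could look for this kind of DNS-based exfiltration in resolver logs is sketched below. It is an added example, not code from Forcepoint or the original article. The log format, thresholds, addresses, and domain names are constructed assumptions, and the heuristic is generic rather than a UDPoS signature.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log entries: (client_ip, queried_name). Not real traffic.
SAMPLE_QUERIES = [
    ("10.20.0.15", "www.example.com"),
    ("10.20.0.15", "updates.vendor.example"),
    ("10.20.0.31", "a3f9c27be01d44f6a8c2e5b7d9104c6e.bin.sync.example"),
    ("10.20.0.31", "7bd01e4c9a2f6635c8e1f0a4b72d93ce.trk.sync.example"),
    ("10.20.0.31", "time.example.net"),
]

MIN_LABEL_LEN = 20  # assumed threshold: ordinary host labels are short
MIN_ENTROPY = 3.5   # assumed threshold, in bits per character


def shannon_entropy(text):
    """Bits per character of the label's character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def is_suspicious(name):
    """True if any label is both long and close to random (likely encoded data)."""
    for label in name.rstrip(".").lower().split("."):
        if len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY:
            return True
    return False


def flag_clients(queries):
    """Group suspicious query names by the client that issued them."""
    hits = defaultdict(list)
    for client, name in queries:
        if is_suspicious(name):
            hits[client].append(name)
    return dict(hits)


if __name__ == "__main__":
    for client, names in flag_clients(SAMPLE_QUERIES).items():
        print(f"{client}: {len(names)} suspicious DNS queries")
        for name in names:
            print(f"  {name}")
```

On a POS network segment that should resolve only a handful of names, an allowlist of expected domains is a stricter complement to this heuristic.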

In recent years, the US, like many other countries, has switched from magnetic cards to chip and PIN cards based on the Europay, Mastercard, and Visa (EMV) standard. The transition has made it harder for criminals to steal payment card data using POS malware—like they did with the massive theft at Target in 2013. However, malware like UDPoS suggests that criminals still see an opportunity to steal data from POS systems. While there’s no evidence to show that UDPoS is currently being used to steal credit or debit card data, Forcepoint’s tests show that it is capable of doing so successfully.

The likely targets of UDPoS are POS systems in hotels and restaurants and any other location with handheld devices for swiping credit and debit cards. Read more about the UDPoS POS malware on DarkReading.
