Blog

Dexter Malware infects point of sale systems worldwide

January 18, 2013

Security researchers have discovered malware that has been infecting and siphoning off payment information from point of sale systems at major retailers around the world for months.

Security researchers have discovered malware that has been infecting and siphoning off payment information from point of sale systems at major retailers around the world for months. Dubbed “Dexter” by Seculert, the malware has targeted the POS systems of major retailers, hotels, restaurants, and private parking providers in the U.S., United Kingdom, Canada, Brazil, South Africa, and numerous countries across Europe. Because most of the infected systems were not used for Web browsing, Seculert’s Avi Raff says that Dexter likely gained access to the POS systems by initially infecting other computers on the companies’ networks. Once in the POS systems, the malware searches for processes run by specific POS software and, if it is detected, dumps that data to the malware’s command-and-control server, which Seculert tracked to a server in the Seychelles. A tool on the C&C server then parses the data to recover Track 1 and Track 2 payment card data, which can then be used to carry out card fraud. Raff says that some antivirus software already recognized Dexter as malicious and notes that the malware could have been easily thwarted if the effected businesses had used end-to-end encryption before passing the data to processing providers.

Back To Blog