Cyber-criminals are using a new strain of malware to target point-of-sales system running a type of Oracle software popular with US firms in the hospitality industry, warns security outfit Trend Micro.
Trend Micro says that the MalumPoS tool can be reconfigured to target any POS system but is currently being used to collect payment data from tills running on Oracle Micros, a platform used on 330,000 sites worldwide, mostly in the US and that is popular in the hospitality, food and beverage, and retail industries.
The malware is a POS RAM scraper, which can steal stored data such as cardholder names and account numbers every time the magnetic stripe of a credit card is swiped. This data can then be used to physically clone credit cards or, in some cases, make online purchases.
MalumPoS is selective in what data it scrapes, using regular expressions to to find the valuable information, targeting Visa, MasterCard, American Express, Discover, and Diner’s Club cards.
Once installed in a system, it disguises itself as the 'NVIDIA Display Driver'. Trend Micro says that although typical NVIDIA components play no important parts in POS systems, their familiarity to regular users may make the malware seem harmless.
"If successfully deployed by a threat actor, this PoS RAM scraper could put several high-profile US-based companies and their customers at risk," says Trend Micro.