Retailers have a new risk to be wary of, in the form of a Trojan program that pinpoints point-of-sale (PoS) terminals.
Called PoSeiden, the malicious program works by scanning the RAM of affected terminals, with the goal of finding unencrypted credit card information. Experts from Cisco’s Security Systems (CSS), who have studied this threat, have noted three distinct parts of PoSeiden: a keylogger, a loader and a memory scraper with keylogging functionality. When combined, these components allow the program to access vulnerable information and store it for later use.
“PoSeidon is another in the growing number of Point-of-Sale malware targeting PoS systems that demonstrate the sophisticated techniques and approaches of malware authors,” the CSS researchers said. “As long as PoS attacks continue to provide returns, attackers will continue to invest in innovation and development of new malware families.”
This program is particularly dangerous because it can send the information it obtains to outside servers, bypassing the need for attackers to download it locally. It also performs routine self-updates, and has safeguards against being reverse-engineered, making it particularly resilient against post-hoc defense attempts. Therefore, retailers should be proactive about guarding against this Trojan, and ensure that their systems are completely secure and up-to-date.
The proliferation of malware, like PoSeiden, indicates that organizations should continually be evaluating their point of sale retail software needs. If you are concerned that your own system might be vulnerable, contact Visual Retail Plus. When it comes to the integrity of your customer information, it can be dangerous to leave things to chance.