
Report: 'Off-the-shelf' malware used in Target data breach

Jan. 16, 2014 at 5:53 PM

MINNEAPOLIS, Jan. 16 (UPI) -- Hackers used cheap, off-the-shelf malware to breach security at U.S. Target stores and compromise data for more than 110 million customers, a tech website said.

Target confirmed last weekend that malicious software was embedded in point-of-sale equipment at its checkout counters to collect secure data as credit cards were swiped during transactions. Brian Krebs, of the Krebs on Security website, reported Thursday that the malware has been determined to be BlackPOS -- also known as "reedum" -- which uses a memory-scraping technique to collect secure data temporarily stored in Windows OS computers during a transaction.

BlackPOS likely comes from Russia, and can be bought for about $1,800, Forbes reported.

Data on cards' magnetic stripes are encrypted when sent from POS terminals to financial institutions for verification, but the memory-scraping malware snags the information while it is temporarily "parked" as plain text in POS terminals.

"Interestingly, a search in Virustotal.com -- a Google-owned malware scanning service -- for the term 'reedum' suggests that this malware has been used in previous intrusions dating back to at least June 2013," Krebs said.

Forbes said the hackers likely had access to every POS terminal in every Target store for more than two weeks.

The website Help Net Security said Thursday a Russian security firm has been tracking the activities of cyber criminals it suspects of using BlackPOS in thefts from customers of a number of U.S. banks.

© 2014 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.