Security researcher Nick Hoffman, who mainly focuses on reverse engineering, has discovered a new malware variant that targets payment systems. The Getmypass malware aims to steal credit card data from memory (RAM).
The malware is a so-called RAM scraper: it searches the memory of, for example, a payment terminal for the presence of credit card data. Getmypass then checks the collected data and stores the relevant parts in encrypted form.
According to Hoffman, Getmypass is not yet complete: the malware is still missing several parts, for example an essential module for receiving commands from the attackers via a so-called command-and-control server. The option to forward the collected credit card data from a local log file is also not available yet. In tests on the VirusTotal site, the malicious code went undetected by 55 virus scanners, and it is signed with a certificate from the company ‘Bargaining active’ so that it appears to be legitimate software.
Although the malware does not yet have enough components to be useful to criminals, Hoffman says Getmypass’s early code is interesting to study. It allows researchers to follow how such malware is developed further and whether its builders apply new techniques.
So-called point-of-sale malware is a particular problem in the United States, partly due to the popularity of credit cards and outdated security mechanisms. At the beginning of this year, it was announced that 70 million credit card details had been stolen from American retail chain Target by hackers via the company’s payment system.