
How does the MajikPOS malware evade detection?

A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how to defend against it.

Trend Micro Inc. discovered a new type of point-of-sale malware called MajikPOS infecting the POS systems of businesses in the U.S. and Canada. They reported that the POS malware authors used several tricks to escape detection and hide their code. What are these tricks, and what mitigation steps are available for the MajikPOS malware?

New point-of-sale (POS) malware is a dime a dozen, and attackers continue to target POS systems because they continue to be profitable. The constant battle between merchants and their attackers is why endpoint security tools and the PCI Data Security Standards will continue to be critical to protecting consumers.

While it can be difficult for enterprises to secure all of their systems, securing endpoints can be even more challenging for small merchants that rely on outsourced service providers to manage and secure their POS systems. Smaller merchants also often need immediate remote support to keep their businesses in operation, which explains why outsourced service providers have remote access to their POSes, despite the risks.

Trend Micro wrote about the new MajikPOS malware, which is a fairly standard, but highly effective threat. While most POS malware includes a RAM scraper, MajikPOS downloads its RAM scraper, which could help bypass tools that monitor files capable of reading memory on the endpoint. In some cases, Trend Micro reported, MajikPOS malware also used the remote administration tool Ammyy Admin for remote access, which should have triggered an alarm on the endpoint.

Trend Micro offered mitigation recommendations, starting with using whitelisting to allow only approved software to upload updates, as well as using an endpoint security tool with application control functionality and using network-based tools to block the malware and related connections. The company has a specific guide to defending against POS RAM scrapers, as well as a guide to protecting against RAM scrapers.
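The two observations above, that the RAM scraper is fetched at runtime rather than shipped with the dropper and that a remote administration tool appeared on the terminal, both come down to the same control: the terminal should only run approved software, and anything else starting up is an alert. The following is an added example, not code from the article, Trend Micro or Nick Lewis, of a minimal application-control check run over constructed process-start events. The allow-list paths, the placeholder hashes, the remote-tool file names (the article names Ammyy Admin, but the executable name here is assumed) and the sample events are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class Finding:
    image: str
    reason: str

# Constructed allow-list for a terminal: executable path -> expected SHA-256.
# The digests are placeholders, not real file hashes. Keying on both path and
# hash means a replaced binary at an approved path is still caught.
APPROVED: Dict[str, str] = {
    "c:\\pos\\pos_app.exe": "PLACEHOLDER_SHA256_POS_APP",
    "c:\\windows\\system32\\svchost.exe": "PLACEHOLDER_SHA256_SVCHOST",
}

# Constructed names of remote-administration tools. The article mentions
# Ammyy Admin being present; these file names are assumed examples only.
REMOTE_ADMIN_TOOLS = {"ammyy_admin.exe", "remote_support.exe"}

# Constructed: directories a POS terminal should never launch code from.
# A second-stage payload pulled down at runtime (the downloaded RAM scraper
# the answer describes) has to land somewhere writable before it can run.
WRITABLE_DIRS = ("c:\\users\\", "c:\\windows\\temp\\", "c:\\programdata\\")


def check_event(event: Dict[str, str]) -> List[str]:
    """Return the reasons (possibly none) a process-start event should alert.

    event["image"] is the full path of the started executable and
    event["sha256"] its file hash, as an endpoint agent would report them.
    """
    image = event["image"].lower()
    name = image.rsplit("\\", 1)[-1]  # manual split so it works off-Windows too
    reasons: List[str] = []

    expected = APPROVED.get(image)
    if expected is None:
        reasons.append("not on allow-list")
    elif expected != event["sha256"]:
        reasons.append("hash differs from approved build")

    if name in REMOTE_ADMIN_TOOLS:
        reasons.append("remote administration tool started")

    if image.startswith(WRITABLE_DIRS):
        reasons.append("executed from user-writable location")

    return reasons


def scan(events: List[Dict[str, str]]) -> List[Finding]:
    """Run check_event over a batch of events and flatten the findings."""
    return [Finding(e["image"], r) for e in events for r in check_event(e)]


# Constructed sample events: two clean starts, a tampered POS binary, a
# remote-admin tool launched from a profile directory, and a dropped payload.
SAMPLE_EVENTS = [
    {"image": "C:\\POS\\pos_app.exe", "sha256": "PLACEHOLDER_SHA256_POS_APP"},
    {"image": "C:\\Windows\\System32\\svchost.exe", "sha256": "PLACEHOLDER_SHA256_SVCHOST"},
    {"image": "C:\\POS\\pos_app.exe", "sha256": "PLACEHOLDER_SHA256_UNEXPECTED"},
    {"image": "C:\\Users\\cashier\\Downloads\\ammyy_admin.exe", "sha256": "PLACEHOLDER_A"},
    {"image": "C:\\Windows\\Temp\\scraper.exe", "sha256": "PLACEHOLDER_B"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"ALERT {finding.image}: {finding.reason}")
```

The point of the writable-directory rule is the "downloads its RAM scraper" trick: a tool that only inspects what the dropper carries sees nothing, but the scraper still has to be written to disk and started, and that start is visible to an agent that checks every new process against the allow-list. A remote support session that was opened through an approved change process would be handled by adding the tool, with its hash, to APPROVED for that window rather than by silencing the rule.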

The most important mitigation for the MajikPOS malware may be to use secure remote access, like that required by PCI DSS, which would prevent the malware from getting on the endpoint remotely, or for the merchant to change to using POS terminals capable of supporting EMV chip and PIN payment cards.

Next Steps

Learn how to use whitelisting to defend against POS malware

Read about how the Pro POS malware attacked point of sale terminals

Can credit card hacking be stopped with chip and PIN alone?

This was last published in August 2017
