Trend Micro Inc. discovered a new type of point-of-sale malware called MajikPOS infecting the POS systems of businesses in the U.S. and Canada. They reported that the POS malware authors used several tricks to escape detection and hide their code. What are these tricks, and what mitigation steps are available for the MajikPOS malware?
New point-of-sale (POS) malware is a dime a dozen, and attackers continue to target POS systems because they continue to be profitable. The constant battle between merchants and their attackers is why endpoint security tools and the PCI Data Security Standards will continue to be critical to protecting consumers.
While it can be difficult for enterprises to secure all of their systems, securing endpoints can be even more challenging for small merchants that rely on outsourced service providers to manage and secure their POS systems. Smaller merchants also often need immediate remote support to keep their businesses in operation, which explains why outsourced service providers have remote access to their POSes, despite the risks.
Trend Micro wrote about the new MajikPOS malware, which is a fairly standard, but highly effective threat. While most POS malware includes a RAM scraper, MajikPOS downloads its RAM scraper, which could help bypass tools that monitor files capable of reading memory on the endpoint. In some cases, Trend Micro reported, MajikPOS malware also used the remote administration tool Ammyy Admin for remote access, which should have triggered an alarm on the endpoint.
Trend Micro offered mitigation recommendations, starting with using whitelisting to allow only approved software to upload updates, as well as using an endpoint security tool with application control functionality and using network-based tools to block the malware and related connections. The company has a specific guide to defending against POS RAM scrapers, as well as a guide to protecting against RAM scrapers.
The most important mitigation for the MajikPOS malware may be to use secure remote access, like that required by PCI DSS, which would prevent the malware from getting on the endpoint remotely, or for the merchant to change to using POS terminals capable of supporting EMV chip and PIN payment cards.
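The application allow-listing control the answer recommends, as an added example that is not Trend Micro's, TechTarget's or the expert's own code: it evaluates a constructed process inventory against an approved-software list keyed by executable path and SHA-256, flags any unapproved binary running from a user-writable location (the pattern left by a RAM scraper that is downloaded at run time rather than shipped with the malware), and raises a critical finding whenever a remote administration tool such as Ammyy Admin appears, which the answer says should trigger an alarm. All paths, hashes, process names and the severity scheme are constructed assumptions, not values from the Trend Micro report.

```python
"""Allow-list evaluation for a POS endpoint process inventory.

Added example; the allow-list entries, hashes, paths and process names below
are constructed placeholders so the script runs offline.
"""
import hashlib
from dataclasses import dataclass, field
from pathlib import PureWindowsPath


def _h(data: bytes) -> str:
    """SHA-256 of placeholder bytes, standing in for the hash of an approved build."""
    return hashlib.sha256(data).hexdigest()


# Approved software: normalized path -> expected SHA-256 of the on-disk image.
ALLOW_LIST = {
    r"c:\pos\pos.exe": _h(b"approved pos build 4.2"),          # constructed
    r"c:\pos\updater.exe": _h(b"approved updater 1.0"),        # constructed
    r"c:\windows\system32\svchost.exe": _h(b"os component"),   # constructed
}

# Substrings identifying remote administration tools that should never appear
# unannounced on a POS endpoint. "ammyy" comes from the column; the list is an
# assumption and would be extended per site policy.
REMOTE_ADMIN_MARKERS = ("ammyy",)

# Path fragments that indicate a user-writable location, where a dropped
# binary such as a downloaded RAM scraper typically lands (assumption).
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\programdata\\")


@dataclass
class Process:
    pid: int
    path: str
    sha256: str  # hash of the on-disk image, normally computed at scan time


@dataclass
class Finding:
    pid: int
    path: str
    verdict: str    # "allowed", "tampered" or "unapproved"
    severity: str   # "info", "high" or "critical"
    reasons: list = field(default_factory=list)


def evaluate(proc: Process) -> Finding:
    """Classify one running process against the allow-list and policy markers."""
    norm = proc.path.lower().replace("/", "\\")
    name = PureWindowsPath(norm).name
    reasons = []

    expected = ALLOW_LIST.get(norm)
    if expected is None:
        verdict, severity = "unapproved", "high"
        reasons.append("image not on allow-list")
    elif expected != proc.sha256:
        # Known path but different content: replaced or patched binary.
        verdict, severity = "tampered", "critical"
        reasons.append("allow-listed path but hash mismatch")
    else:
        verdict, severity = "allowed", "info"

    if any(m in name for m in REMOTE_ADMIN_MARKERS):
        severity = "critical"
        reasons.append("remote administration tool present")

    if verdict != "allowed" and any(m in norm for m in USER_WRITABLE_MARKERS):
        severity = "critical"
        reasons.append("unapproved image in user-writable location (dropped binary pattern)")

    return Finding(proc.pid, proc.path, verdict, severity, reasons)


def scan(procs):
    """Evaluate every process in the inventory, in order."""
    return [evaluate(p) for p in procs]


def alerts(procs):
    """Only the findings an operator needs to act on."""
    return [f for f in scan(procs) if f.verdict != "allowed" or f.severity != "info"]


# Constructed inventory: two clean processes, a dropped scraper, a remote
# admin tool in a downloads folder, and a tampered updater.
SAMPLE_INVENTORY = [
    Process(412, r"c:\pos\pos.exe", _h(b"approved pos build 4.2")),
    Process(1180, r"C:\Windows\System32\svchost.exe", _h(b"os component")),
    Process(2044, r"c:\users\pos\appdata\local\temp\scraper.exe", _h(b"unknown image")),
    Process(2210, r"c:\users\pos\downloads\ammyy_admin.exe", _h(b"remote tool")),
    Process(3001, r"c:\pos\updater.exe", _h(b"modified updater")),
]

if __name__ == "__main__":
    for f in alerts(SAMPLE_INVENTORY):
        print(f"[{f.severity}] pid={f.pid} {f.verdict}: {f.path} ({'; '.join(f.reasons)})")
```

The path comparison is case-insensitive because Windows paths are, and the hash check is what turns a simple name-based allow-list into application control: a binary that reuses an approved filename but differs in content is reported as tampered rather than allowed. In practice the `sha256` field would be filled by hashing the image on disk at scan time.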
Related Q&A from Nick Lewis