Trend Micro Inc. discovered a new type of point-of-sale malware called MajikPOS infecting the POS systems of businesses in the U.S. and Canada. They reported that the POS malware authors used several tricks to escape detection and hide their code. What are these tricks, and what mitigation steps are available for the MajikPOS malware?
New point-of-sale (POS) malware is a dime a dozen, and attackers continue to target POS systems because they continue to be profitable. The constant battle between merchants and their attackers is why endpoint security tools and the PCI Data Security Standards will continue to be critical to protecting consumers.
While it can be difficult for enterprises to secure all of their systems, securing endpoints can be even more challenging for small merchants that rely on outsourced service providers to manage and secure their POS systems. Smaller merchants also often need immediate remote support to keep their businesses in operation, which explains why outsourced service providers have remote access to their POSes, despite the risks.
Trend Micro wrote about the new MajikPOS malware, which is a fairly standard but highly effective threat. While most POS malware bundles its RAM scraper, MajikPOS fetches its RAM scraper as a separate download, which could help it bypass tools that monitor files capable of reading memory on the endpoint. In some cases, Trend Micro reported, the MajikPOS operators also used the remote administration tool Ammyy Admin for remote access, which should have triggered an alarm on the endpoint.
Trend Micro offered mitigation recommendations, starting with whitelisting so that only approved software can upload updates, followed by an endpoint security tool with application control functionality and network-based tools to block the malware and its related connections. The company also publishes a specific guide to defending against POS RAM scrapers, as well as a general guide to protecting against RAM scrapers.
The most important mitigation for the MajikPOS malware may be to use secure remote access, such as that required by PCI DSS, which would keep the malware from being placed on the endpoint remotely, or for the merchant to move to POS terminals capable of supporting EMV chip and PIN payment cards.