Bromium Labs: Call Of The Wild Blog - Understanding malware targeting Point Of Sale Systems

January 13, 2014
By Vadim Kotov

Back in 2009 several companies (including Visa and Verizon) published threat reports describing a new kind of malware - RAM scrapers (Verizon report, Visa report). These are malicious programs that search memory of point-of-sale (POS) systems for bank card information. After that a number of blog entries appeared, but neither of them (to our best knowledge) reveal the inner workings of RAM scrapers. Recently this issue has come back into the limelight with the recent Target breach. The exact details of the Target malware are still unknown but it is important to understand how RAM scrapers work and why they're a big risk to the retail industry.

In this blog, we analyze several families of POS malware and investigate techniques and approaches deployed to scrape bank card information in the infected system's volatile memory.

Click the URL above to read the full article