New malware program targets POS systems

mikepdx · Apr 16, 2015

Last month security researchers from Cisco Systems issued a warning about a new PoS
malware threat ... the program has already infected PoS terminals at
restaurants, bars and hotels in the U.S.

in addition to stealing payment card data while it’s being processed, it also installs a
keylogger to capture what employees type on such systems.

New malware program targets point-of-sale systems | PCWorld

CapStar362 · Apr 18, 2015

correct me if im wrong, but coming from having a POS Certification with 7 and XP CE versions ( which are used in POS )...

the only time a POS machine even goes beyond a LAN is for credit card sales, everything else is guarded by LAN Side restrictions, like operator user names and passwords.

i see no viable method of a malware getting information from a POS machine and sending it out over WAN when its restricted by the POS Server, which all POS Clients are operated from, like thin client environments.

i wonder how they executed that. the POS Server controls all. the routing functions from the server specifically restrict LAN to WAN for any user/pass information even if elevated in privilege. and that is a built in function.

corbintechboy · Apr 18, 2015

CapStar362 said:
correct me if im wrong, but coming from having a POS Certification with 7 and XP CE versions ( which are used in POS )...

the only time a POS machine even goes beyond a LAN is for credit card sales, everything else is guarded by LAN Side restrictions, like operator user names and passwords.

i see no viable method of a malware getting information from a POS machine and sending it out over WAN when its restricted by the POS Server, which all POS Clients are operated from, like thin client environments.

i wonder how they executed that. the POS Server controls all. the routing functions from the server specifically restrict LAN to WAN for any user/pass information even if elevated in privilege. and that is a built in function.

I was thinking the same.

Now of course if an dirty employee injected the malware, it's the only way I could see something like this working.

CapStar362 · Apr 20, 2015

even at that, no Owner would give a employee his admin account credentials, or else suffer the darwin like fate for doing so.

New malware program targets POS systems

mikepdx

Member

CapStar362

Member

corbintechboy

Member

CapStar362

Member