When we talk about malware, most people think of our computers, and now smartphones, getting infected and letting some cyber-criminal either steal our information or use our computers as part of a larger botnet to cause havoc on the web. The thing is, smartphones and computers are not the only systems being targeted, as some major US banks are finding out.
It's called Dump Memory Grabber, and it is the newest headache facing US banks and point-of-sale (POS) systems around the country. Moreover, security researchers at Group-IB in Russia believe that the author of the malware has links to a Russian cyber-crime group.
The malware is designed to scan the memory of point-of-sale systems and ATMs to look for credit card data. Researchers believe that the malware has already been used to grab data from credit and debit cards from the major US banks which include: Chase, Capital One, Citibank, and the Union Bank of California.
In addition, SecurityWeek managed to view a video that allegedly shows Dump Memory Grabber in action, and they say it appeared that some Nordstrom-branded credit cards may also have been compromised.
The malware collects Track 1 and Track 2 data from card swipes and then transfers the resulting logfile to a remote server. These two tracks refer to the data encoded on the card's magnetic stripe, which includes things like the primary account number, first and last name, and expiration date; that data is then used to create cloned physical cards.
Group-IB said that most of the POS/ATM attacks they analyzed relied on the malware making its way into the system via "insiders", and only a few POS systems, running either Windows XP or Windows Embedded, were infected remotely through Remote Desktop or VNC software.
Group-IB has shared all its findings regarding this malware with VISA and the affected banks, as well as with US law enforcement agencies.