Fraudsters kick off counterfeiting operation with $1,800 investment in malware #BlackPOS

by Nicole Reyes

In an earlier post, I talked about 2014 being coined “The Year of the Data Breach,” and so far, the label rings true. Much of the continuing breach trouble appears to stem from the malware used in the Target incident. This malware has reportedly created a new wave of data breaches, and investigators have tracked it back as far as June 2013.

Chatter among industry professionals and the payments media has it that more retailers were breached by a method similar to the Target incident and around the same timeframe. While merchant names have not been released, investigators have revealed that the malware used in the Target breach has been downloaded at least 20 times in various locations around the world.

Criminals who have downloaded the malware have reportedly done so for a fee of $1,800 for the basic version and $2,300 for the full version. Per the FBI: “The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors.”

BlackPOS works by getting itself downloaded into the retailer’s system (how insiders may have intentionally played a role or been tricked into that download is to be determined). It then captures card information and uploads it to a server that the fraudsters can access. From this data, fraudsters build out counterfeit magstripes and plastics. (Counterfeiters are actually in a race against time, as the proliferation of EMV is expected to put a near stop to the production of look-alike cards. This may explain the ramped-up breach effort – striking before it’s too late.)
