Screen showing a virus warning.In what seems part of a growing trend, a security researcher has discovered malicious software specifically designed to target POS Systems. Referred to as “Dexter,” this malware steals credit card data as it is being processed by the POS terminal. The software has infected hundreds of terminals worldwide, the bulk of these being in the USA and UK.

Dexter works by taking certain key information from the computer’s memory and sending it to a server located somewhere in the Seychelles. This information typically includes a list of programmes running on the computer as well as information being passed between the terminal and accessories such as card readers. Other critical information may also be recorded and transmitted. This data is then scanned for track 1 and track 2 credit card data, which could potentially be used by the malware’s creator to clone credit cards.

At present, it appears that only POS Systems based on the Windows operating system are vulnerable to Dexter. iPad and Android EPOS systems are not under threat. Aviv Raff, a researcher at Seculert who discovered the malware, reports that over half of the infected terminals are running Windows XP. Now more than a decade old, XP is tried and trusted on EPOS Systems, and remains immensely popular. However, its age also makes it less secure, though it should be noted that more modern Windows 7 systems have also been infected.

According to Raff, several antivirus programmes were already capable of identifying Dexter as malware and neutralizing its threat. Now that Dexter has been fully unearthed, other antivirus software will be updated to detect it. He also pointed out that using simple encryption on the POS terminal before sending credit card information to the processing company would prevent any usable data being sent to the malware’s creator.

It is as yet unclear where the Dexter infection originated. Traditional methods used by cyber criminals such as social engineering or malicious website links seem unlikely to work in a retail setting where staff typically have a limited ability to alter computer settings. Nevertheless, Dexter illustrates the importance of keeping software up to date, of having good security software installed, and in training staff on IT security.

More information on Dexter can be found on the Seculert blog.