Thursday, December 5, 2024
HomeComputer SecurityVISA Warning that Hackers Injecting POS Malware in Fuel Dispenser Merchants...

VISA Warning that Hackers Injecting POS Malware in Fuel Dispenser Merchants To Steal Payment Card Data

Published on

SIEM as a Service

Visa Payment Fraud Disruption (PFD) observed that hackers attack point-of-sale merchants by injecting POS malware across North American fuel dispenser merchants to steal the cardholder data.

Sophisticated hackers groups breach the internal network of the POS Merchants to infect the network with POS malware, which is completely different from skimming at fuel pumps.

In a November report, VISA confirmed that malware threat actors were able to breach the network and steal the payment card data due to the lack of secure acceptance technology.

- Advertisement - SIEM as a Service

“Targeted Fuel dispenser merchants are very slow to deploy the Chip technology in their station which attracts threat actors attempting to compromise POS systems for magnetic stripe payment card data.” visa said.

With the evidence collected in the forensic report, Researchers believe that the attackers who involved in this attack attributed to the FIN8 cybercrime group.

GBHackers previously reported FIN8 group activities, and the groups are a financially motivated threat group active since at least 2016 and often targets the POS environments of the retail, restaurant, and hospitality merchants to harvest payment account data.

Different Incidents were observed

At the First incident, Visa investigation reveals that the attackers successfully compromised the merchant’s network through a phishing email that contained a malicious attachment.

Once the Victims open the attachment, installed a Remote Access Trojan (RAT) on the merchant network, and granted the threat actors network access which helps attackers to perform the reconnaissance the corporate network to utilize the credentials and move further into Victims POS environment.

Visa recently observed the second incident that targets another North American fuel dispenser merchant where the attackers gained the network access, but it was unclear how they gained initial access.

According to the VISA report, A RAM scraper was injected into the POS environment and was used to harvest payment card data. The targeted merchant accepted both chip transactions at the in-store terminals and magnetic stripe transactions at fuel pumps, and the malware injected into the POS environment appears to have targeted the mag stripe/track data specifically.

The third incident was targeted to the North American hospitality merchant where the attackers used FIN8-attributed malware and another new malware is a full-featured shellcode backdoor that is based on the RM3 variant of the Ursnif, a banking trojan.

With malware, no evidence indicating that it targets the fuel dispenser merchants, but the attacker will use it for future Merchants attacks.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

Fuji Electric Indonesia Hit by Ransomware Attack

Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Weaponized Word Documents Attacking Windows Users to Deliver NetSupport & BurnsRAT

The threat actors distributed malicious JS scripts disguised as legitimate business documents, primarily in...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications

APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated...