Friday, November 1, 2024
HomeData BreachPOS Malware Breach at Sonic Affected Millions of Credit & Debit Cards

POS Malware Breach at Sonic Affected Millions of Credit & Debit Cards

Published on

Malware protection

Sonic American’s Drive-In, a Pos malware affecting fast-food chain in U.S that operates around 3500 locations across the country.

This breach affecting an unknown number of store payment systems and stolen Credit & Debit cards details are fired to underground online shops over a week for sales.

Oklahoma City-based Sonic hits the breach at the initial level, multiple financial institutions noticed fraudulent transactions on cards that had all previously been used at Sonic.The card breach publicly reported on September 26.

- Advertisement - SIEM as a Service

Also Read Biggest Hack Ever – Each and Every Single Yahoo Account Was Hacked in 2013 Data Breach

Illicit shop in online, known as Joker’s Stash, reportedly had been selling the cards under the batch name FireTigerrr since on September 26.

Christi Woodworth, vice president of public relations at Sonic, said the investigation is still in its early stages, and the company not sure which of its stores may be impacted.

Accounts were stolen from sonic of a batch of cards that Joker’s Stash is calling as “Firetigerrr”, and they are indexed by city, state and ZIP code which allows buyers to purchase cards geographical.

Dumps of card data stolen from the magnetic stripe of the compromised card and subsequently used for cloning the data onto blank plastic cards.Prices for the cards advertised in the Firetigerr.

Above shown capture from Jokers’ Stash showing cards for sale

Most of the cards range in price from $25 to $50, and the price is influenced by type of card issued (Amex, Visa, MasterCard, etc); the card’s level (classic, standard, signature, platinum, etc.); whether the card is debit or credit; and the issuing bank.

Card Breaches On Point of Sale(POS Malware):

Pos Malware is operated by actors ranging from fraudsters to Organized Crime Groups.Most POS malware codes are RAM scrapers that make their way into the target endpoint, focus on reading unencrypted card data in the random access memory (RAM) zone and steal data amassed through the days and weeks of the breach.

One of the most recent POS malware is MajikPOS. Attackers begin by penetrating the target organization’s systems to reach POS endpoints. Usually connected to the endpoint using remote access, either one that’s already installed or one they activate, such as virtual network connection (VNC) or remote desktop protocol (RDP) access.

The connection can be made by stealing or guessing the password.After gaining access, the attackers install the POS malware on the endpoint. From there, the malware executes and continually sends out the stolen data to the attacker’s server.

The United States is the last of the G20 nations to make the shift to more secure chip-based cards, chip-based cards are more expensive and difficult for cybercriminals to counterfeit.

But many financial institutions still not replacing traditional magnetic stripe cards with chip-based cards. According to Visa, 58 percent of the more than 421 million Visa cards issued by U.S. financial institutions were chip-based as of March 2017.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Grayscale Investments Data Breach Exposes 693K User Records Reportedly Affected

Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting...

Northern Ireland Police to Pay £750,000 Fine Following Data Breach

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000...

Google Warns Of North Korean IT Workers Have Infiltrated The U.S. Workforce

North Korean IT workers, disguised as non-North Koreans, infiltrate various industries to generate revenue...