Dexter POS malware infections on the rise

Researchers have warned that about three different variants of the Dexter point of sale (POS) malware are on the loose during the ongoing holiday season, which are aimed at pinching credit and debit card information from innocent consumers.

According to security firm Arbor Networks, two servers have been reportedly hosted to collect data from PoS systems by variants of the Dexter malware and a similar threat known as Project Hook.

Security researchers detected three separate variants of the Dexter malware, called Stardust, Millenium, and Revelation, with the first being developed in November 2012 by researchers from Seculert.

Dexter and Project Hook are aimed at pinching Track 1 and Track 2 information incorporated on the magnetic stripes of payment cards when the transactions are carried out on the affected PoS terminals, and the gained information would allow cloning cards.

Security firm said in a statement that the exact method of compromise is not currently known, however POS systems suffer from the same security challenges that any other Windows-based deployment does.

"Network and host-based vulnerabilities (such as default or weak credentials accessible over Remote Desktop and open wireless networks that include a POS machine), misuse, social engineering and physical access are likely candidates for infection.

"Additionally, potential brittleness and obvious criticality of PoS systems may be a factor in the reportedly slow patch deployment process onPoS machines, which increases risk. Smaller businesses are likely an easier target due to reduced security."

Researchers claim that the malware would mainly hit smaller businesses due to reduced security.

"While the attackers may receive less card data from smaller retailers, infections may be more numerous and last longer due to the lack of security reporting and security staff in such environments," security firm added.

Researchers suggested that consumers can prevent the issue by bolstering their network with broad restrictions on incoming connections to remote desktop systems, and increase the distance between wireless networks from the POS machines.

Such malwares can also be prevented by patching the OS and any third-party applications and by hardening the system to add technologies including Microsoft’s EMET when required.