New POS-targeting malware found amid holiday shopping season

Point-of-sale terminals are among the favorite targets of attackers, and even more so as the holiday shopping season is here.

Security researchers at iSight Partners have uncovered their findings of a sneaky malware that the firm says is designed to target POS terminals at various retail outlets and steal information about your credit card and debit card.

What is most alarming about this POS malware is the fact that, according to the iSight researchers, existing security software tools could not detect the malware. And as we speak, the security issue has escalated to the national level, meaning large retailers have already fallen victim to the malware.

Read also: POS machines are now the hottest target of cyber criminals

If the level of sophistication is anything to go by, the ModPOS malware, as it is called, might be just incomparable to other POS malware discovered in recent memory. Unlike other types of malware, ModPOS comprises several modules and plug-ins so that it is an integrated  framework of malicious software. The various components of the malware are responsible for the theft of payment data and personal information of users.

The POS malware is not entirely new. Security researchers have been glued to the malware for at least two years now, but not without great difficulty due to the stealthy nature of the software. For example, ModPOS uses encryption to hide itself from even the most advanced detection tools.

Investigating the malware did not start as easy as with other malware for iSight, the security firm says. It appears the POS malware is good at concealing behind sophisticated tools embedded in the malicious software.

The company added that it did not lack in its efforts to warn the industry about the security problem. One way small and large retailers are working to address the issue is use point-to-point encryption in order to secure payment details and decrypt the card data only when it has arrived at the payment processor.

But it is alarming that at present not more than half of retailers have adopted point-to-point encryption tools amid a rapid escalation of POS targeting malware. If left unprotected, credit cards will remain susceptible to various forms of attacks, even those that have a built-in chip technology in them.

In instances when an online purchase is made and paid using the credit card, the chip technology is rendered useless because a stolen card can still be used to make the payment. If a business does not know that its systems are infected by the stealthy malware, customers will be at risk.