
The new virus is similar to the previously known malware Dexter, but surpasses its predecessor in terms of functionality.

McAfee has found, on one of the underground Russian forums, a post about the sale of a Trojan that steals credit card data at POS-terminals.

The malicious program, called vSkimmer, can work with bank card readers connected to POS-terminals, reading the cards along with additional data. The virus also infects the Windows operating system. All data stolen by vSkimmer is sent to a remote server.

Presumably, the new virus is similar to the previously known malware Dexter, but surpasses its predecessor in terms of functionality.

vSkimmer

McAfee noted that the botnet vSkimmer is particularly interesting in that its target is POS-terminals running Windows.

Malicious vSkimmer activity was first discovered on January 18 this year, but the functionality of the virus has only now been analyzed. Experts found that the malware collects the following information from the infected machine and sends it to a remote server: the OS version, the GUID identifier, the default language, and data about active users and hosts. The stolen data is sent to the remote server over HTTP in encrypted form.

Among other things, the malware is also capable of capturing the Track 2 data stored on the magnetic stripe of the victim's credit card (all the information on the card, including the number).

vSkimmer uses a standard installation routine: it copies itself into the %APPDATA% folder under the guise of svchost.exe and modifies a registry key in order to add itself to the list of trusted applications. To start the malicious process, the virus calls ShellExecute.

Another feature of vSkimmer is that it can be used without an Internet connection: it can drop the stolen data onto a USB device, using a USB drive named KARTOXA007.
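A defender-side triage of the two host indicators described above (svchost.exe running from outside the system directory, and a volume named KARTOXA007), as an added example that is not part of the original article or of McAfee's analysis. The event records, field names and host names are constructed, and a C: system drive is assumed.

```python
import ntpath
import re

# Assumption: Windows is installed on C:, where the genuine svchost.exe lives.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Volume label the article associates with vSkimmer's offline data drop.
DROP_VOLUME_LABEL = "KARTOXA007"
# %APPDATA% tree on Vista and later, and on XP-era terminals (lower-cased input).
APPDATA_RE = re.compile(r"^[a-z]:\\(?:users\\[^\\]+\\appdata"
                        r"|documents and settings\\[^\\]+\\application data)\\")

def normalize(path):
    """Strip quotes, unify separators, collapse '..', lower-case."""
    p = path.strip().strip('"').replace("/", "\\")
    return ntpath.normpath(p).lower()

def check_process(event):
    """Flag any svchost.exe image that is not in a system directory."""
    image = normalize(event["image"])
    if ntpath.basename(image) != "svchost.exe":
        return None
    if ntpath.dirname(image) in LEGIT_SVCHOST_DIRS:
        return None
    where = "AppData" if APPDATA_RE.match(image) else "non-system path"
    return f"{event['host']}: svchost.exe running from {where}: {event['image']}"

def check_volume(event):
    """Flag a mounted volume carrying the drop label (case-insensitive)."""
    if event["label"].strip().upper() == DROP_VOLUME_LABEL:
        return f"{event['host']}: volume labelled {DROP_VOLUME_LABEL} mounted"
    return None

def triage(process_events, volume_events):
    findings = [f for e in process_events if (f := check_process(e))]
    findings += [f for e in volume_events if (f := check_volume(e))]
    return findings

# Constructed sample telemetry; the event field names are hypothetical.
PROCESS_EVENTS = [
    {"host": "POS-01", "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "POS-02", "image": r"C:\Users\clerk\AppData\Roaming\svchost.exe"},
    {"host": "POS-03", "image": r"C:\Documents and Settings\till\Application Data\SVCHOST.EXE"},
    {"host": "POS-04", "image": r"C:\WINDOWS\system32\..\Temp\svchost.exe"},
]
VOLUME_EVENTS = [{"host": "POS-02", "label": "kartoxa007"},
                 {"host": "POS-01", "label": "BACKUP"}]

if __name__ == "__main__":
    print("\n".join(triage(PROCESS_EVENTS, VOLUME_EVENTS)))
```

The file name alone is not evidence: the check keys on the directory the image runs from, so a path that only passes through system32 via `..` is still flagged.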