Point of Sale ‘Malware on Steroids’ Could Affect ‘Multiple Millions’

AP Photo/Elaine Thompson
AP Photo/Elaine Thompson

Security experts from cyber intel firm iSight have exposed new — and extremely sophisticated — cash register point of sale malware.

The malicious software, known as “ModPOS,” has multi-layered encryption that makes all but impossible to trace the source of the infection, let alone what data was stolen. In addition to the complex encryption, ModPOS combines multiple malware tricks such as “network monitoring,” “key-logging,” and “RAM scraping,” in order to secure personal data at the exact moment of the electronic point-of-sale.

In eight years of studying and exposing POS malware, iSight says they have never seen anything that compares to the malicious complexity of this hack. The “POS malware on steroids” is taking researchers around three weeks to crack, nearly 2000% longer than their standard half hour reverse engineering.

Neither the standard swiping of a card’s magnetic strip nor the usually more secure “chip-and-pin” forms of transactions are safe from the virus, and iSight reports that the unknown creator and profiteer of ModPOS has siphoned millions of dollars and untold amounts of personal data from just as many unaware victims since as far back as 2013. There has yet to be a report of how many American companies have been affected by the virus, but iSight has already warned at least 80 American companies.

For all of the technical details, you can check out iSight’s official ModPOS disclosure report.

Nate Church is @Get2Church on Twitter, and he can’t become a wildly overhyped internet celebrity without your help. Follow, retweet, and favorite everything he says. It’s the Right Thing To Do™!