Point-of-sale malware can make its way into almost anything these days, from massive corporate systems to individual devices. The latest victim is Avanti Markets, a leading “micro market” vending company hit with malware that has stolen payment and possibly fingerprint data from self-service payment kiosks in various locations.
The cybercriminals likely breached the kiosk provider’s network and used infected Windows computers as a beachhead in the attack. From there, POS malware can bypass some encryption technology and grab unprotected card data out of the volatile memory of a POS device. Regardless, it appears Avanti had not rolled out encryption on all their devices prior to the attack
POS malware is also typically written to attack unique and widely used POS systems, and versions have been found that attack specific restaurant and gas station software kits. The attackers in this case used a Poseidon toolkit developed in 2015.
After investigating the attack, officials said it appears the malware gathered cardholders’ first and last names, credit/debit card numbers, and expiration dates. In addition, users of the Market Card option may have had their names and email addresses compromised. And although biometric information was at risk in this attack, it seems stored fingerprint data has not been compromised.
Avanti states that 1,900 devices were affected, but the true extent of the breach is still unknown. Imitation attacks may soon follow, and the publicity gained by the Avanti attack may be used by attackers in phishing scams to lure Avanti users into further revealing their credit card data.
The good news is Avanti has offered credit monitoring to impacted customers. However, to ensure their financial data is secure, customers should also keep a close eye on their bank accounts to look for any fraudulent activity.
To learn more about this POS malware attack and others like it, follow us at @McAfee and @McAfee_Business.