An Oracle point-of-sales (PoS) platform is being threatened by a new form of malware designed to steal customer’s credit card details according to security vendor, Trend Micro. MalumPoS scrapes data from from an infected machine’s RAM and is believed to be targeting the 330,000 customers who interact with Oracle Micros, a platform that caters to the retail, hospitality, and food industries.“Every time a magnetic stripe of a credit card is swiped, the malware can steal stored data such as the cardholder’s name and account number,” said Jay Yaneza, a threat analyst for Trend Micro. “This data can then be exfiltrated and used to physically clone credit cards, or in some cases, commit fraudulent transactions like online purchases.”
When attacking a system, MalumPoS is said to disguise itself as a Nvidia graphics driver – “Nvidia Display Driv3r” – which would appear legitimate to to the everyday user. The malware is designed to be configurable and can monitor up to 100 different processes simultaneously. Trend Micro believes that, in the future, attackers might add other applications and PoS systems (like NCR or Radiant) that handle card data to their target list.
The blog post by Trend Micro also said that the malware could target sales systems that operate through Internet Explorer, which is being phased out by Microsoft as the company prepares to introduce their new browser, Edge, this summer.
The number of memory-scraping PoS malware programs, like MalumPoS, have increased dramatically over the last several years. They seem to be the weapon of choice for cyber-criminals on the prowl for credit card data. Malware programs like MalumPoS have played a huge role in some of the biggest credit card breaches to date including those at Home Depot and Target.
“A bulk of the companies using this platform (Oracle Micros) is mostly concentrated in the United States,” said Yaneza. American Express, Discover, MasterCard, and Discover card owners beware. Oracle could not be reached for comment.