A new botnet has emerged from the underground and is menacing the payment world. The threat, dubbed vSkimmer, comes from Russia, according to the security firm McAfee. Security expert Chintan Shah wrote in a blog post that monitoring of a Russian underground forum turned up a discussion about a Trojan for sale that can steal credit card information from Windows PCs used for financial transactions and credit card payments. The vSkimmer botnet agent is able to detect card readers on the victim's machine, gather all the information from the Windows machine, and send it in encrypted form to a remote control server.
vSkimmer can also grab the Track 2 data stored on the magnetic strip of credit cards. This track stores all the card information, including the card number. To be precise, Track 2 stores the card number, three-digit CVV code, and expiration date, all of which are needed to qualify a card in payment processes.
vSkimmer is completely undetectable on the compromised host. It waits for a named USB device to be attached to the compromised machine and, once it detects the device, dumps the collected data to the removable device.
The malware collects the following information from the infected machine and sends it to the control server:
- Machine GUID from the Registry
- Locale info
- Username
- Hostname
- OS version