22 Oct 2013

Fast-Food POS Fraud Hits South African Banks

Cyber criminals infected point-of-sale terminals of fast food restaurants in South Africa and grabbed payment card data from customers, reported Bloomberg citing the Payments Association of South Africa.

Crooks targeted mainly fast food restaurants, including KFC local outlets. Preliminary investigation estimateshundred of thousands of possible victims. "There's not a single bank that hasn't been affected," Payments Association CEO Walter Volker said.

Although card verification numbers were not stolen, the data taken from the terminals is enough for fraudsters to clone the cards and use them in physical stores or sell the data in underground forums to other criminal groups. 

The vulnerability that made infection possible is believed to be the administration tools used to remotely update the POS systems.  Volker said criminals used Dexter, a malicious software that infected point-of-sale terminals to steal the data on the POS and send it to remote servers controlled by the attackers.

"It took quite a while to get to the bottom of [this incident], because it was not the standard Dexter malware, which has been around for a while, and which many antivirus software programs can pick up," Volker told TechCentral, as reported by ArsTechnica. "This one was a variant that was changed to [avoid detection] by the antivirus software."

The original Dexter was seen in action in North America and Europe where it was found on point-of-sale terminals at high-profile retailers, restaurants and hotels across the two continents.