Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

The RawPOS PoS Malware also scans for driver’s license data

According to Trend Micro, the RawPOS PoS malware was recently used to steal driver’s license information from victims. Security experts at Trend Micro have spotted a new variant of the RawPOS PoS malware stealing driver’s license information from victims. The RawPOS PoS malware is an old threat that has been active since 2008. RAWPOS is a memory scraper that has infected […]

The RawPOS PoS Malware also scans for driver’s license data

According to Trend Micro, the RawPOS PoS malware was recently used to steal driver’s license information from victims.

Security experts at Trend Micro have spotted a new variant of the RawPOS PoS malware stealing driver’s license information from victims.

The RawPOS PoS malware is an old threat that has been active since 2008. RAWPOS is a memory scraper that has infected lodging merchants since 2008 by targeting the memory dump where payment information may be temporarily stored, and that data are staged on a network and removed later by a separate process.

RawPOS PoS Malware

The malicious code was mainly used against targets in the hospitality industry, aver the time crooks used it to steal also additional information from victims.

Back to the present, crooks steal driver’s license information for several fraudulent activities. According to Trend Micro, the version of the RawPOS PoS malware recently spotted attempts to gather both credit card mag stripe data and other valuable information in a single sweep.

“Traditionally, PoS threats look for credit card mag stripe data and use other components such as keyloggers and backdoors to get other valuable information. RawPOS attempts to gather both in one go, cleverly modifying the regex string to capture the needed data.” reads the analysis published by TrendMicro.

The RawPOS PoS malware uses regular expressions to scan processes for strings that look like data stored in the magnetic stripe in order to find “track data”-like strings in memory.

The analysis of the regular expressions used by the threat demonstrates that starting from 2016 the malware scans memory for “drivers” and “license” strings, as well as for an “ANSI 636” string (“636” are the initial digits of the Issuer Identification Number (IIN) for most US states).

Crooks behind the last variant of the PoS malware were interested in driver’s license information belonging to US citizens.

“The Information stored in each license varies per state, but the bar code mostly contains the same information present in each individual driver’s license or state ID – specifically: full name, date of birth, full address, gender, height, even hair and eye color,” continues Trend Micro.

Researchers explained that driver’s license barcode could get scanned in many commercial activities, including pharmacies, retail shops, bars, and casinos.

The availability of personal information along with credit card data provides threat actors with a more “authentic” identity.

“Combining personal information combined with credit card information gives threat actors a more “authentic” identity, and also provides all the information necessary to complete a transaction despite the lack of a physical card. “concluded Trend Micro.” Aside from this, the driver’s license bar code swipe of the victims can also be used for other kinds of misrepresentation, such as identity theft. ”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – RawPOS PoS Malware, malware)