TreasureHunt malware strain stealing payment data – expert comment

FireEye announced the discovery of new POS malware earlier this week, called TreasureHunt (also known as TreasureHunter). The malware taps card information from processes running in the systems’ memory and then transmits it to a server operated by cyber criminals. They’re attributing this, and the overall rise in POS malware, to the ongoing EMV transition. Two out of five US retailers still haven’t converted to EMV systems, which they say are resistant to interception malware such as TreasureHunt.

You can see some reports on this malware below:

Malware Strikes Merchants Behind The EMV Curve

POS Malware Tool ‘Treasurehunt’ Targets Small US-Based Banks, Retailers

Commenting on the EMV angle, George Rice, senior director, payments at HPE Security – Data Security, said:

“First, EMV provides no protection for the transmission of sensitive payment information to the acquiring bank. After the EMV card validation process, the cardholder data must be delivered safely to the payment processor. By default, EMV does not provide ANY protections of data in transit to the processor. Criminals use POS malware, memory scrapers and other covert technologies to capture all of the payments data they need from unsuspecting retailers, despite the use of EMV. When such data breaches occur, retailers pay a hefty toll in the form of lost revenue, fines and penalties, executive job loss and even board-level lawsuits.

Second, EMV does nothing to stop the use of stolen card information in online and mobile transactions. Criminals know they can monetise their card data heists by using the information in card-not-present purchase environments. And for the time being, criminals can use stolen cardholder data to create and use bogus mag-stripe cards until EMV has been ubiquitously deployed across the US market. The Merchant Advisory Group estimates that only 20 percent of 13.9 million POS devices at U.S. merchant locations will be EMV capable by October or shortly thereafter.”

(41)

Share