"Researchers Uncover More Than 167,000 Stolen Credit Card Numbers, Primarily From The US"
According to researchers with Group-IB, cybercriminals used a pair of point-of-sale malware variants to steal more than 167,000 payment records from 212 infected devices, mostly in the US. It is unclear who is behind the attack or whether they sold or used the pilfered card data. The researchers estimate the information could be worth more than $3.3 million, highlighting how malware designed to steal information from credit card payment terminals remains a troubling concern. The researchers identified a poorly configured command and control server for point-of-sale, or POS, malware MajikPOS in April 2022. The configuration allowed the researchers to analyze the server and discover that it hosted a separate command and control administrative panel for Treasure Hunter, a separate POS malware variant that also collects compromised card data. The researchers’ analysis revealed that since at least February 2021 through Sept. 8, 2022, the operators had managed to steal payment records. The researchers currently identified 11 victim companies in the United States. The researchers stated that the analysis showed that the operators had initially used a variant of Treasure Hunter, which dates back to at least 2014. In early 2022, the operators augmented their arsenal with a more advanced malware, namely MajikPOS. Industry analysts first spotted MajikPOS malware attacking targets in the US and Canada in early 2017. The researchers noted that MajikPOS has additional features, such as a more appealing control panel, an encrypted communication channel with a command-and-control function, and more structured logs. The researchers stated that Treasure Hunter contains records about the processes running in an operating system of the device from which the data was stolen, along with their names. The researchers managed to analyze roughly 77,400 unique credit card dumps from the MajikPOS panel, with more than 75,000 of those from US credit card issuers. They found more than 90,000 from the Treasure Hunter panel, and 86,411 of those were from US issuers. The researchers noted that the market for stolen credit card information totaled more than $908 million between April 2021 and April 2022, averaging about $20 per card.