New ‘UDPoS’ Malware Exfiltrates Credit Card Details via DNS Server


Researchers have identified a new strain of point-of-sale (PoS) malware that impersonates a LogMeIn service pack to steal credit card data via a DNS server.

According to security firm Forcepoint, the malware, dubbed "UDPoS", is unusual in that it generates a large amount of UDP-based DNS traffic to exfiltrate magnetic stripe payment card details.

"Nearly all companies have firewalls and other protections in place to monitor and filter TCP- and UDP-based communications; however, DNS is still often treated differently, providing a golden opportunity to leak data," explained Forcepoint in a detailed blog post.

Security researchers noted that, as of this writing, detection rates for the malware are still very low for the monitoring component, citing that "visibility is always an issue with non-traditional malware."

"Samples which do not target standard endpoints or servers can quite easily be missed because of the lack of focus on protecting these sorts of systems," the researchers added.

Luke Somerville, head of special investigations at Forcepoint, told Dark Reading that the company has found no evidence showing UDPoS is currently being leveraged by cybercriminals.

Nonetheless, when analyzing the threat, one of the command-and-control servers communicating with the malware was active and responsive, which may suggest that the authors were at least prepared to deploy it in the wild, said Forcepoint.

LogMeIn issued an alert this week, warning users of the phishing scam:

"This link, file or executable is not provided by LogMeIn and updates for LogMeIn products, including patches, updates, etc., will always be delivered securely in-product. You will never be contacted by us with a request to update your software that also includes either an attachment or a link to a new version or update."

As always, users are advised to follow standard best practices to safeguard their accounts against phishing and social engineering, such as using two-factor authentication, setting strong passwords and remaining vigilant for suspicious activity.
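The DNS-exfiltration pattern described above gives defenders something concrete to hunt for: one host issuing a burst of queries whose subdomain labels are long and high-entropy, all under a single parent domain. The following is an added detection example, not code from the article or from Forcepoint; the log format, hostnames, domain and thresholds are constructed placeholders.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log: "time source_host queried_name".
# Hostnames and domains are placeholders, not indicators from the article.
SAMPLE_LOG = """\
12:00:01 pos-terminal-07 www.example.net
12:00:02 pos-terminal-07 a3f91c0e77b2.4d8e1f.updates-example.test
12:00:02 pos-terminal-07 9b2ce0a1f4d7.4d8e1f.updates-example.test
12:00:03 pos-terminal-07 0c7d5e2aa19f.4d8e1f.updates-example.test
12:00:03 pos-terminal-07 e8b14c33d05a.4d8e1f.updates-example.test
12:00:04 pos-terminal-07 77a0d9bc21ef.4d8e1f.updates-example.test
12:00:05 office-pc-02 mail.example.org
12:00:06 office-pc-02 www.example.net
"""

def shannon_entropy(s):
    """Bits per character; encoded card data scores far above normal hostnames."""
    if not s:
        return 0.0
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def registrable_domain(qname):
    """Naive parent-domain extraction (last two labels); a public-suffix list
    would be used in production."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def parse_log(text):
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            rows.append((parts[0], parts[1], parts[2].lower()))
    return rows

def find_suspect_sources(text, min_queries=5, min_entropy=3.0, min_payload_len=10):
    """Return {(source_host, parent_domain): count} for hosts that send at least
    min_queries queries whose sub-labels look like encoded data under one domain."""
    counts = defaultdict(int)
    for _, src, qname in parse_log(text):
        labels = qname.split(".")
        payload = ".".join(labels[:-2])  # everything below the parent domain
        if len(payload) >= min_payload_len and shannon_entropy(payload) >= min_entropy:
            counts[(src, registrable_domain(qname))] += 1
    return {key: n for key, n in counts.items() if n >= min_queries}

if __name__ == "__main__":
    for (src, domain), n in find_suspect_sources(SAMPLE_LOG).items():
        print(f"ALERT {src}: {n} high-entropy queries under {domain}")
```

In a real deployment the same logic would run over resolver or firewall DNS logs, with thresholds tuned against the normal query volume of PoS segments.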
