'BrutPOS' malware steals debit and credit card information from swipe machines
Debit and credit card users in the country have been alerted by cyber security sleuths against the damaging activities of a virus which attacks Point of Sale (POS) business counters to steal confidential data like card number and passwords.
The virus, of the deadly Trojan/Botnet family, is prowling in the domestic online media and has been identified as ‘BrutPOS’ by the CERT-In.
CERT-In is the nodal national agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain. “It has been reported that malware variants targeting Point of sale (POS) systems, dubbed “BrutPOS”, is spreading.
BrutPOS mainly targets Windows-based system by leveraging web as the main infection vector apart from being downloaded by other malware families,” the latest advisory by the agency said.
The advisory added that once the system is infected with the malware, it communicates with its command and control servers to update its status and receive commands or list of IP address range to be scan for RDP servers having weak or default credentials. Successful RDP brute force attack allows an attacker to execute another malware in the compromised system that steals payment cards data including card holders name, account no, expiration data, CVV code etc from POS systems.
The virus also has tendencies to steal system information such as Operating System details, system configuration etc, the advisory said.
Once the secret data of a credit or debit card is stolen, it can be prone to a hacking or phishing attempts on the virtual currency, thereby incurring financial loss for the account holder. The POS denotes the cash counter of a shop or a business establishment where a customer or an individual makes online payment (from debit or credit card) after a purchase.
- Other (42)
- Ransomware (123)
- Events and News (26)
- Features (44)
- Security (422)
- Tips (79)
- Google (22)
- Achievements (8)
- Products (33)
- Activation (7)
- Dealers (1)
- Bank Phishing (42)
- Malware Alerts (187)
- Cyber Attack (219)
- Data Backup (11)
- Data Breach (75)
- Phishing (138)
- Securty Tips (1)
- Browser Hijack (16)
- Adware (15)
- Email And Password (67)
- Android Security (55)
- Knoweldgebase (38)
- Botnet (15)
- Updates (3)
- Alert (70)
- Hacking (57)
- Social Media (7)
- vulnerability (53)
- Hacker (31)
- Spyware (8)
- Windows (6)
- Microsoft (21)
- Uber (1)
- YouTube (1)
- Trojan (2)
- Website hacks (3)
- Paytm (1)
- Credit card scam (1)
- Telegram (3)
- RAT (5)
- Bug (3)
- Twitter (2)
- Facebook (7)
- Banking Trojan (5)
- Mozilla (2)
- COVID-19 (5)
- Instagram (2)
- NPAV Announcement (5)
- IoT Security (1)
- Deals and Offers (1)
- Cloud Security (8)
- Offers (5)
- Gaming (1)
- FireFox (2)
- LinkedIn (2)
- WhatsApp (4)
- Amazon (1)
- DMart (1)
- Payment Risk (4)
- Occasion (2)
- firewall (1)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (4)
- Impersonation phishing (1)
- DDoS (4)
- Smishing (2)
- Whale (0)
- Whale phishing (3)
- WINRAR (2)
- ZIP (2)