RawPOS

By GoldSparrow in Trojans

The RawPOS malware is a typical memory scraper tool that targets POS (Point of Sale) systems. The first iteration of the RawPOS threat appeared over a decade ago – in 2008. The creators of the RawPOS malware have made sure to release regular updates for this threat to improve its features and weaponize it further.

The goal of the RawPOS threat is to collect credit card data from the infected hosts. To do this, the RawPOS malware scans the memory of the compromised POS system and looks for certain strings in specific processes. The strings that the RawPOS threat seeks are ones that are often contained in the magnetic stripes of credit cards. Once the RawPOS malware collects the information it was seeking, it applies the Luhn algorithm to determine the validity of the extracted data. Thanks to the Luhn algorithm, memory scrapers like the RawPOS utility are able to determine whether the credit card information collected from the targeted devices belongs to real, functioning credit cards. Furthermore, the latest version of the RawPOS tool is also designed to look for driver's license details. This means that the authors of this memory scraper may be looking to expand their criminal activity by tapping into the identity theft business. This puts the victims at an even greater threat of harm.

It would appear that most of the compromised POS devices are used in the hospitality industry. Not many users are asked to provide a driver's license when purchasing goods or services, so few people are at risk. However, users who shop in pharmacies, liquor stores, bars, pubs, and some retail shops may be at higher risk, as they may be required to provide their driver's license.

Stores and other locations that accept payment via POS devices need to be extra careful, as their systems handle the banking and personal details of their customers. Being infiltrated by a threat like the RawPOS malware can ruin the reputation of a company and quickly expose its customers to great risk. Companies need to up their security and make sure to do everything in their power to protect their customers.
