TinyPOS

By GoldSparrow in Trojans

Despite cybercriminals' diminishing interest in POS (Point-of-Sale) malware, new variants still occasionally pop up. This lack of interest is not because cybercriminals have suddenly been overcome with scruples; it is just that banking institutions have been tightening controls, improving security and generally upping their game when it comes to protecting their customers.

Still, TinyPOS is proof that this kind of malware is still being produced, even though it is not as popular as it used to be. This interesting malware is written in Assembly, a somewhat outdated language. Assembly is not very popular because it is regarded as a low-level programming language and is not easy to use. However, it has one big advantage too: executable files written in it can be shrunk dramatically. The authors of TinyPOS took this opportunity and made the executable file of their malware only 5120 bytes.

TinyPOS infiltrates a POS device and begins collecting data from its memory, namely credit card numbers, which it then checks and verifies using the Luhn algorithm. Once the validity of the data is confirmed, TinyPOS begins transferring it to the attackers' servers, which are located in Eastern Europe. This is also where the attackers are believed to reside.
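The Luhn check mentioned above is also what data-loss-prevention tooling uses to tell real card numbers from other long digit runs. The following is an added example, not code from TinyPOS or from the original article: it finds Luhn-valid card numbers in log text and masks them. The function names and log lines are constructed for illustration, and the card numbers are standard test values.

```python
import re

# Candidate card numbers: 13-19 digits, optionally split by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum all, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _digits(raw: str) -> str:
    return re.sub(r"[ -]", "", raw)

def _plausible(digits: str) -> bool:
    # All-zero padding passes Luhn, so reject runs of one repeated digit.
    return len(set(digits)) > 1 and luhn_valid(digits)

def find_pans(text: str) -> list:
    """Return the Luhn-valid card numbers found in text, separators removed."""
    found = (_digits(m.group()) for m in CANDIDATE.finditer(text))
    return [d for d in found if _plausible(d)]

def redact(text: str) -> str:
    """Mask every Luhn-valid card number, keeping only the last four digits."""
    def _mask(m):
        digits = _digits(m.group())
        if not _plausible(digits):
            return m.group()                # order ids etc. are left untouched
        return "*" * (len(digits) - 4) + digits[-4:]
    return CANDIDATE.sub(_mask, text)

# Constructed sample log lines (test card numbers, not real data).
SAMPLE = "\n".join([
    "terminal=A7 sale pan=4111 1111 1111 1111 amt=12.50",
    "terminal=A7 refund pan=5500-0000-0000-0004",
    "terminal=B2 order=1234567890123456 status=paid",
    "terminal=B2 ref=4111111111111112",
])

if __name__ == "__main__":
    print(redact(SAMPLE))
```

Running a scan like this over POS application logs and crash dumps shows where unmasked card numbers are being written to disk.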

It is likely that the authors of TinyPOS are aware that large financial institutions have greatly improved security, which is why it is speculated that their malware was intended for poorer regions that do not have great POS security. Despite this, TinyPOS was intercepted in the UK, but it is believed that it was only employed there as a test and that major European countries will not be the main target of TinyPOS.
