DareDevil PoS Malware Attacks Ticket and Kiosk-Type Machines to Steal Personal Data

More so than ever consumers are mindful of their personal information being at risk with every swipe of their credit card or debit card when making a purchase, whether it be online or at a local store. Rightfully so, consumers should be aware of the dangerous associated with transacting purchases or utilizing vending machines and electronic kiosks. It just so happens that there is a malware threat called "d4re|dev1|," dubbed DareDevil by the security researchers at IntelCrawler. In their recent findings, they have discovered the DareDevil malware as a culprit for hitting Mass Transit Ticket Systems and compromising user information.

The author of DareDevil have been clever in their creation where it may be designed as a legitimate process, "hkcmd.exe." Such a process is known to facilitate hot key interception on computers that have intel graphics. In most cases this process is overlooked by antimalware programs; thus it can run undetected. Additionally, the ability to upload additional files and access the system through a backdoor have been found to be other functions of the malware.

The purpose of DareDevil is to look for card data from the memory of terminals or kiosks. Once the information is found in memory from previous card swipes or data entries, it is then collected during the verification process or point of sale (PoS). Basically, the information transmitted during a PoS transaction will be scraped by DareDevil and then made available for its authors or hackers behind the system attack.

Researchers found that the infection process of most systems that have DareDevil were when employees check their email, play games, access social networks or browser the internet using the terminal system. By accessing the internet in a way other than contacting the proper PoS connection, the DareDevil malware would find its way onto the system.

PoS operators, unfortunately, share some of the blame when it comes to the DareDevil malware infecting the systems that they work on. In such instances, operators do not respect internal security policies put in place to avoid malware. Moreover, using the terminals for internet use other than PoS transactions puts the systems at direct risk.

Security researchers are aware of the destruction that malware like DareDevil can cause. Even so, other systems, such as ATMs and kiosk machines, are susceptible to an attack by DareDevil and could compromise other information giving hackers unfettered access to a nice payday.