By JubileeX in Malware

Threat Scorecard

Ranking: 6,596
Threat Level: 10 % (Normal)
Infected Computers: 58
First Seen: February 14, 2014
Last Seen: September 15, 2023
OS(es) Affected: Windows

JackPOS is used to target point of sale computers in order to collect people's credit card information. The majority of JackPOS infections have occurred in Canada, Brazil, India and Spain, although infections have been detected in other parts of the world. JackPOS attacks are particularly devastating because a single infected computer may result in hundreds, if not thousands of compromised credit cards. JackPOS belongs to a large category of especially harmful threat known as POS, or Point of Sale, that harvests credit card information. JackPOS is a relatively new type of POS infection that was uncovered recently by PC security researchers. JackPOS started to attract attention after infections all around the world, encompassing countries like India, Canada, Brazil, France, Spain and the United States, as well as minor outbreaks in Argentina and South Korea.

The Refined Sophistication of the JackPOS Attack

JackPOS is distributed using typical threat delivery methods. The main way in which JackPOS is distributed is through the use of a drive-by attack. In the wild, JackPOS is disguised as a Java Update Scheduler file. Computer users attempting to download this file install JackPOS on their computers. If these computers are used in a point of sale equipment (usually, JackPOS targets these types of computers specifically) then they can quickly start harvesting the victims' credit card information. Loaders used to distribute JackPOS use heavily obfuscated scripts that allow them to bypass security programs that are outdated and not equipped to deal with this type of obfuscation. Once installed, the loader connects to a remote server and downloads and installs the JackPOS' files. The sophistication of the attack makes it clear that the persons responsible for JackPOS attacks have significant resources and experience.

JackPOS has been responsible for thousands of attacks around the world. JackPOS has collected nearly seven hundred credit cards in Canada, 420 in India, and 230 in Spain. However, the most affected city of São Paulo, Brazil, where about three thousand cards have been compromised. JackPOS is derived from Alina, a previous POS infection. It is important to take extra security measures to protect all point of sale equipment to prevent these types of devastating infections.


JackPOS may call the following URLs:



Most Viewed