Vskimmer is a dangerous Trojan and botnet that is specifically designed to target credit card terminals and point of sale devices, making its attack particularly effective at stealing credit card and banking credentials. ESG security researchers have observed that Vskimmer has been sold on Russian hacking forums and that its makers claim that Vskimmer can be used to steal credit card details from point of sale machines running the Windows operating system. Vskimmer detects credit card readers connected to the victim's computer, steals information associated with these readers and then sends this data to a third party at a remote location. These kinds of attacks have been seen before, particularly in the dangerous Dexter Trojan. In fact, Vskimmer seems to be a continuation of Dexter. However, criminals have now integrated even more sophisticated functions into this malware attack.
How Vskimmer Differs from Known Banking Trojans
Highly effective banking Trojans like Zeus or Zbot have existed for years and have been developed to use very advanced techniques to steal credit card and online banking information. However, Vskimmer uses a different approach. While traditional banking Trojans cast as wide a net as they can, hoping to reach computer users who regularly use credit cards to make online payments and who access their bank accounts online, malware like Vskimmer is designed to infect fewer computers. However, since the computers targeted by Vskimmer are point of sale machines that are attached to credit card readers, a single Vskimmer infection can result in dozens, if not hundreds, of compromised credit cards or bank accounts in a single day.
Vskimmer was first observed in February of 2013. However, similar Trojans have been tormenting PC users for at least two years. To install itself, Vskimmer uses standard Worm and Trojan techniques, and is often installed on the victim's computer through an infected USB device. Vskimmer scans the memory of processes running on the victim's computer in order to extract credit card information being processed through a credit card reader. Vskimmer then encodes this information using Base64 and, using the standard HTTP protocol, connects to its Command and Control server. Since Vskimmer is designed to steal Track 2 data from credit cards (including full credit card number, confirmation code and expiration date), all stolen credit cards can then be used to make fraudulent purchases almost immediately, making Vskimmer a severe threat.
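Because the stolen data leaves the terminal as Base64 over plain HTTP, outbound requests from point of sale machines can be checked for it. The following detection sketch is an added example, not code from Vskimmer or from this article's researchers; it assumes the encoded data travels in a URL query value as recorded in proxy logs, and the host name, parameter name and sample payloads are constructed.

```python
import base64
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Track 2 layout (ISO/IEC 7813): PAN, '=', YYMM expiry, 3-digit service code, discretionary data.
TRACK2 = re.compile(rb"(\d{13,19})=\d{2}(?:0[1-9]|1[0-2])\d{3}\d*")
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{24,}={0,2}")  # long Base64-looking runs only

def luhn_ok(pan: bytes) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    digits = [c - 48 for c in pan][::-1]
    return (sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])) % 10 == 0

def decode_b64(token: str):
    """Decode standard or URL-safe Base64, tolerating missing padding; None if invalid."""
    token = token.replace("-", "+").replace("_", "/").rstrip("=")
    try:
        return base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
    except ValueError:
        return None

def find_track2(url: str) -> list:
    """Return masked PANs for query values that Base64-decode to Luhn-valid Track 2 data."""
    hits = []
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl turns '+' into a space; restore it before looking for Base64 runs.
        for token in B64_RUN.findall(value.replace(" ", "+")):
            raw = decode_b64(token) or b""
            for m in TRACK2.finditer(raw):
                pan = m.group(1)
                if luhn_ok(pan):  # report only first 6 / last 4 digits, never the full PAN
                    hits.append(f"{pan[:6].decode()}{'*' * (len(pan) - 10)}{pan[-4:].decode()}")
    return hits

def sample_url(payload: bytes) -> str:
    """Build a constructed proxy-log URL (hypothetical host and parameter name)."""
    return "http://c2.example.invalid/api.php?d=" + quote(base64.b64encode(payload).decode(), safe="")

# Constructed samples: 4111111111111111 is a public test card number, not real card data.
SAMPLES = {
    "track2": sample_url(b";4111111111111111=25121010000000000?"),
    "bad_luhn": sample_url(b"order=1234567890123456=25121010000"),
    "benign": sample_url(b"session-token-for-user-0042-abcdef"),
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        print(name, find_track2(url))
```

The Luhn check keeps order numbers and other long digit runs from raising alerts, and masking the PAN keeps the detection output itself out of cardholder-data scope.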