Details are emerging about Stardust, a piece of malicious software that targets point-of-sale credit-card processing machines. Stardust has reportedly compromised over 20,000 PoS machines and turned them into a easy-to-control botnet. The malware's masters can monitor the botnet in realtime and issue fine-grained commands to its components, harvesting a titanic volume of payment card details.
The discovery comes as researchers from a separate security firm called Arbor Networks published a blog post on Tuesday reporting an active PoS compromise campaign. The advisory is based on two servers found to be hosting Dexter and other PoS malware. Arbor researchers said the campaign looks to be most active in the Eastern Hemisphere. There was no mention of a botnet or of US restaurants or retailers being infected, so the report may be observing a campaign independent from the one found by IntelCrawler.
It remains unclear how the attackers manage to initially infect PoS terminals and servers that make up the botnet. In the past, criminals have targeted known vulnerabilities in applications that many sellers of PoS software use to remotely administer customer systems. Weak administrator passwords, a failure to install security updates in a timely fashion, or unknown vulnerabilities in the PoS applications themselves are also possibilities.
Credit card fraud comes of age with advances in point-of-sale botnets [Dan Goodin/Ars Technica]