/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsCLEVELAND,USA: SecureState, a management consulting firm specializing in information security, has developed a custom scanning tool that retailers can use to detect Black POS malware, and other similar strains. Black POS is the reported culprit behind recent retail data breaches, and is also known as KAPTOXA, a more advanced version of the original malware.
Krebs on Security recently reported that, "this type of malicious software uses a technique that parses data stored briefly in the memory banks of specific POS devices; in doing so, the malware captures the data stored on the card's magnetic stripe in the instant after it has been swiped at the terminal and is still in the system's memory."
It has also been reported that there are currently no known antivirus programs that detect the malicious files used in these attacks.
"We don't currently know if installed antivirus software on POS systems has been updated to detect this malware," Spencer McIntyre, SecureState's lead researcher said. "But, we do know that this tool will allow retailers to manually, or remotely, scan their systems for these specific strains, whether or not they have antivirus software installed."
The tool will scan for service, file, registry and autorun artifacts to determine if any KAPTOXA footprints are present on the POS system. A confidence output is generated giving the user an indication of a likely compromise.