A new family of malware has been discovered infecting point of sale (POS) terminals and using a unique method to avoid detection.

Many POS malware families work by infecting systems and staying hidden, collecting data and uploading it at intervals to their command and control (C&C) server. This is usually done to avoid spending too much time being visible to the victim.

FastPOS, a new malware family discovered by Trend Micro, completely sidesteps this process. The malware sends any and all data it can get its hands on as soon as it gets it.

Comprised of two main modules – a keylogger and a memory scraper – FastPOS sends password and username data almost the instant that the victim presses enter on their keyboard. The memory scraper aims to capture credit card details as soon as possible.

“FastPOS’s design sets it apart from other POS malware families,” Trend Micro says. “It appears to be designed to operate in situations where a large, enterprise-scale network may not be present: instead, it is designed for environments with a much smaller footprint.”

The malware doesn’t appear to have been designed to target a specific geographical region, either. Trend Micro reveals that it found instances of FastPOS in the US, Brazil, Japan, Taiwan and Hong Kong.

Attack vectors for the malware have been identified as a real-time file sharing service, compromised medical sites and brute-force attacks by cybercriminals.

FastPOS is also on sale on various underground forums, where snippets of code are shared between hackers asking for troubleshooting tips.

By Alex Hamilton

Alex is Senior Reporter at IBS Intelligence, follow him on Twitter or contact him at: alexanderh@ibsintelligence.com