Security Experts Warn of ‘Highly Sophisticated’ ModPOS Malware

The Texas-based cybersecurity firm iSight Partners released a detailed report on ModPOS earlier this week, and has already briefed “numerous” retailers about the potential threat.
The company said its experts are also working with the Retail Cyber Intelligence Sharing Center to help member businesses watch for and defend against the malware platform.
ModPOS is not only difficult to detect, but can also be configured to target multiple specific parts of retailers’ POS systems.
Based on some IP addresses observed as they reverse-engineered the platform, iSight researchers believe the malware might have ties to Eastern Europe.
ModPOS also features custom plugins and other specialized functions, Ward noted. “Given its sophistication, it has taken our malware analysis ninjas a substantial amount of time to reverse-engineer the software,” he said.
Even retailers with more advanced POS systems using EMV smart card (also called chip-and-PIN) technology can be vulnerable to ModPOS, according to iSight.
If the POS system isn’t configured to support end-to-end encryption and encrypted data in memory, ModPOS — as well as other malware that uses RAM scraping techniques — can still enable access to customers’ payment card data, Ward said.
That data can then be reused for online purchases where the physical presence of a payment card isn’t needed.
