Exposing The POS Malware Cherrypicker After a 4 Year Shrouding


Malware is a serious threat to all PC owners, especially malware that manages to evade detection. According to Trustwave, sophisticated modern tricks have made such malware a chronic headache for security and AV vendors.

Today, one of the main targets has turned out to be credit and debit card users. The firm has warned of a persistent threat to card owners when they swipe their cards at point-of-sale (POS) terminals.

Cherrypicker is malware that has been circulating for the past 4 years. Despite a lot of effort and hard work by antivirus and security vendors to cover every angle from which a threat can be directed at POS and other systems, this malware has remained undetected. The main reason it has stayed in the shadows while draining many people’s credit and debit card balances is that it has been built using highly sophisticated, modern techniques.

According to Trustwave, Cherrypicker can be configured for a range of purposes. Its most recent use is a technique for scraping cardholder data from point-of-sale memory, which is what this malware targets. It is designed to make effective use of obfuscation, encryption, configuration files and command-line arguments, and this has allowed it to remain undetected for all this time.

In the recent past, point-of-sale systems have become a favorite destination for criminals who want to steal cardholder data. By using a new trick to parse memory and get hold of cardholder data, this malware has managed to go undetected. According to Trustwave, it comes with a sophisticated infector and a targeted cleaner program to carry out its creator’s intentions.

For many years now, POS systems have had the weakness of not encrypting card data as soon as it is captured from the card. Cyber criminals target this unencrypted data before it is sent off to the payment approval centers. Once criminals have this raw card data, they can do whatever they want with it.

In a report a few months ago, security vendor Symantec stated that POS malware was being used by criminals to steal payment card data far more widely than previously imagined. Since 2005 the threat has been universal, and many AV and security vendors have been targeting it. With over 100 million card payments compromised two years ago, it became apparent just how serious the malware problem is. The increasingly cheap, ready-to-use POS kits being marketed do not help the situation one bit.

Given that most POS systems today do not encrypt card numbers as soon as they capture them, many criminals have taken advantage of this security loophole. It is during this small window that hackers get access to cardholder information.