NEWS & TOPICS (Details) - CVS Co., Ltd.


Fraudsters are using a revamped version of the Alina Trojan to target Windows-based point-of-sale devices
to steal payment card data, according to CenturyLink's Black Lotus Labs.
It appears that attacks are using a revamped version (variant) of the Alina Trojan to steal card information from Windows-based POS terminals.

The malware operators are using unsecured DNS protocols for communication between the infected POS
devices and their command-and-control server to exfiltrate the data, according to the report.

Many users of Windows-based POS machines restrict or lock down ports and communication protocols,
such as the HTTP protocol, to restrict access to these devices and the data that they contain.
But the DNS protocol is sometimes overlooked or poorly secured, according to the report.
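A defender can check POS DNS logs for this channel. The sketch below is an added example, not code from the report or from this page: it assumes the stolen data rides in long, encoded leftmost labels of query names (the page does not describe the encoding), and the log format, thresholds and function names are illustrative assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log (client IP, queried name); not real traffic.
SAMPLE_LOG = [
    ("10.0.5.21", "www.example.com"),
    ("10.0.5.21", "time.example.net"),
    ("10.0.5.21", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.com"),  # long, low entropy
    ("10.0.5.21", "a9f3k2q8z7x1m4c6v0b5n2j8h3g7d1s4.example.net"),  # single one-off
    ("10.0.5.22", "a9f3k2q8z7x1m4c6v0b5n2j8h3g7d1s4.t.example.org"),
    ("10.0.5.22", "q1w2e3r4t5y6u7i8o9p0a1s2d3f4g5h6.t.example.org"),
    ("10.0.5.22", "z0x9c8v7b6n5m4l3k2j1h0g9f8d7s6a5.t.example.org"),
]

def shannon_entropy(s):
    """Bits per character of the string's own character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def parent_domain(name, labels=2):
    """Last `labels` labels of the name. Simplification: a production
    version would consult the Public Suffix List instead."""
    return ".".join(name.rstrip(".").lower().split(".")[-labels:])

def suspicious_label(name, min_len=24, min_entropy=3.5):
    """True when the leftmost label is both long and high-entropy,
    which is how encoded payload chunks tend to look (assumed thresholds)."""
    label = name.split(".")[0].lower()
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def flag_exfil_candidates(log, min_unique=3):
    """Map (client, parent domain) -> number of distinct suspicious names,
    keeping only pairs that reach min_unique. Repeated unique encoded names
    under one parent separate a data channel from a one-off hashed hostname."""
    seen = defaultdict(set)
    for client, name in log:
        if suspicious_label(name):
            seen[(client, parent_domain(name))].add(name.lower())
    return {k: len(v) for k, v in seen.items() if len(v) >= min_unique}

if __name__ == "__main__":
    for (client, parent), n in flag_exfil_candidates(SAMPLE_LOG).items():
        print(f"{client} sent {n} encoded-looking queries under {parent}")
```

On a POS segment the practical companion control is to force all DNS through an internal resolver that logs queries, so that a check like this sees every lookup the terminals make.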

"This makes DNS an attractive choice for outbound communication in POS malware,
including the exfiltrating of stolen credit card information."

Those targeted by the malware included a fast food restaurant, a financial services company,
an ice cream shop, a gas station and a brewery.

Other POS malware has resided on POS machines for long periods of time without detection.
For example, in December 2019, convenience store chain Wawa found that malware that had
been planted on POS devices at nearly all of its 850 locations throughout had gone
undetected for close to eight months.

For more on the Alina Trojan, see the URL below (in English).

POS Malware Using DNS to Steal Payment Card Data