RSA discovers ChewBacca trojan that steals credit card data


Security researchers from RSA have found the so-called ChewBacca trojan on equipment used to process credit card payments. The malware searches the computer's memory for certain patterns and includes keylogging functionality.

The memory scanner of the ChewBacca trojan creates a copy of main memory and uses regular expressions to search it for data that appears to come from the magnetic stripe of a credit card. If a credit card number is found, it is sent to a central server and stored.

The data captured by ChewBacca is sent over the Tor network. In this way the cyber criminals try to disguise the IP address of the command-and-control server. The server was only accessible via an .onion address. According to RSA, the ChewBacca malware disguises itself as spoolsv.exe, the file for the Windows Print Spooler. Deleting this file would disinfect a system.
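A monitoring check for the spoolsv.exe disguise described above, as an added example that is not from RSA or the original article. It assumes process-creation events with hypothetical `host`, `image` and `parent` fields, a system root of `C:\Windows`, and that the genuine Print Spooler runs from System32 as a child of services.exe.

```python
import ntpath

# Constructed process-creation events; the field names are assumptions.
SAMPLE_EVENTS = [
    {"host": "POS-01", "image": r"C:\Windows\System32\spoolsv.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"host": "POS-02", "image": r"C:\Users\cashier\AppData\Roaming\spoolsv.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"host": "POS-03", "image": r"c:\windows\system32\SPOOLSV.EXE",
     "parent": r"C:\Windows\System32\services.exe"},
    {"host": "POS-04", "image": r"C:\Windows\System32\spoolsv.exe",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"host": "POS-05", "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
]


def norm(path):
    """Normalize a Windows path for case-insensitive comparison on any OS."""
    return ntpath.normcase(ntpath.normpath(path))


def check_event(event, system_root=r"C:\Windows"):
    """Return the reasons a spoolsv.exe process looks like a masquerade."""
    image = norm(event["image"])
    if ntpath.basename(image) != "spoolsv.exe":
        return []  # not a process claiming to be the Print Spooler
    system32 = ntpath.join(norm(system_root), "system32")
    reasons = []
    if ntpath.dirname(image) != system32:
        reasons.append("unexpected image path")
    if norm(event.get("parent", "")) != ntpath.join(system32, "services.exe"):
        reasons.append("unexpected parent process")
    return reasons


def find_masquerades(events, system_root=r"C:\Windows"):
    """Return (host, reasons) for every suspicious spoolsv.exe event."""
    hits = []
    for event in events:
        reasons = check_event(event, system_root)
        if reasons:
            hits.append((event["host"], reasons))
    return hits


if __name__ == "__main__":
    for host, reasons in find_masquerades(SAMPLE_EVENTS):
        print(host, "; ".join(reasons))
```
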

The server back end of the ChewBacca malware gives a criminal a simple web interface to the captured data and the botnet, RSA further reports. The security company is said to have traced an administrator of the botnet to a country in Eastern Europe, until the administrator disappeared into the anonymity of the Tor network. According to information from RSA, the FBI has been able to shut down one of the cyber criminals' servers.

RSA states that the ChewBacca trojan, in spite of its simple construction and functionality, has over the past months proved successful in stealing credit card data from numerous companies in eleven countries. According to Reuters, the details of more than 49,000 credit cards are said to have been copied. More than 24 million transaction details are also said to have been viewed. The security company advises companies to give their payment systems better encryption and to install better monitoring software.