Malware Targets Credit Card Data on Checkout PCs

Dennis Faas's picture

Security firm McAfee says it has discovered a new type of malware designed to steal credit card data from point-of-sale (POS) computer systems. The malware is of the Trojan horse variety and is being called 'vSkimmer'.

Point-of-sale systems, or checkout systems, are the computers used in retail environments.

Malware Communicates Credit Card Data to Hackers

McAfee security researcher Chintan Shah reported on the vSkimmer threat in a recent blog post. According to Shah, the malware was discovered in mid-February 2013 and is currently being discussed on cybercriminal forums. (Source:

Here's how the malware works: once installed on a checkout computer, vSkimmer collects data about the operating system, including its current version, default language, host name, and active user name.

The malware then sends this information back to a central command and control server where it can be used by hackers to keep tabs on infected POS systems.

Once the hackers send a download and execute command, the malware begins scanning for any information that resembles 'Track 2' data. Track 2 data is the information found stored on the black magnetic strip seen on physical credit cards.

By acquiring this Track 2 data, hackers could potentially clone a credit card and use it to make fraudulent purchases.

Chip-Enabled Cards Safe -- For Now

For now, EMV-enabled cards (meaning they use a chip and pin number) can't be cloned in this way. However, security experts note that hackers are working on adding support for EMV, meaning 2013 could be the year that this security measure is effectively bypassed.

Shah also noted that vSkimmer can be used in an offline mode. Simply connecting a USB device with the volume name KARTOXA007 will copy a log file containing Track 2 data.

vSkimmer is just one of many point-of-sale malware threats that have emerged in recent weeks. Another, dubbed 'BlackPOS', has reportedly been used to compromise accounts linked to major American banks, including Chase, Capital One, and Citibank.

Preliminary investigations by security experts have revealed that the BlackPOS creator is based in Russia. It remains unclear where vSkimmer originated. (Source:

Rate this article: 
No votes yet