POS Malware Steals Payment Card and Personal Info from Food Kiosks

By on

Point-of-sale malware can make its way into almost anything these days, from massive corporate systems to individual devices. The latest victim is Avanti Markets, a leading “micro market” vending company hit with malware that has stolen payment and possibly fingerprint data from self-service payment kiosks in various locations.

The cybercriminals likely breached the kiosk provider’s network and used infected Windows computers as a beachhead in the attack. From there, POS malware can bypass some encryption technology and grab unprotected card data out of the volatile memory of a POS device. Regardless, it appears Avanti had not rolled out encryption on all their devices prior to the attack

POS malware is also typically written to attack unique and widely used POS systems, and versions have been found that attack specific restaurant and gas station software kits. The attackers in this case used a Poseidon toolkit developed in 2015.

After investigating the attack, officials said it appears the malware gathered cardholders’ first and last names, credit/debit card numbers, and expiration dates. In addition, users of the Market Card option may have had their names and email addresses compromised. And although biometric information was at risk in this attack, it seems stored fingerprint data has not been compromised.

Avanti states that 1,900 devices were affected, but the true extent of the breach is still unknown. Imitation attacks may soon follow, and the publicity gained by the Avanti attack may be used by attackers in phishing scams to lure Avanti users into further revealing their credit card data.

The good news is Avanti has offered credit monitoring to impacted customers. However, to ensure their financial data is secure, customers should also keep a close eye on their bank accounts to look for any fraudulent activity.

To learn more about this POS malware attack and others like it, follow us at @McAfee and @McAfee_Business.

Categories: Business
Tags: , , ,

Leave a Comment

Similar articles

Many of us use Bluetooth technology for its convenience and sharing capabilities. Whether you’re using wireless headphones or quickly Airdropping photos to your friend, Bluetooth has a variety of benefits that users take advantage of every day. But like many other technologies, Bluetooth isn’t immune to cyberattacks. According to Ars Technica, researchers have recently discovered ...
Read Blog

Analytics 101

By on
From today’s smart home applications to autonomous vehicles of the future, the efficiency of automated decision-making is becoming widely embraced. Sci-fi concepts such as “machine learning” and “artificial intelligence” have been realized; however, it is important to understand that these terms are not interchangeable but evolve in complexity and knowledge to drive better decisions. Distinguishing ...
Read Blog