January 31, 2014, updated 21 Jan 2022 8:31am

Card Wars as data-scraping “ChewBacca” Trojan infects 11 countries

A previously unseen malware program, suspected to have been created in Eastern Europe, has infected POS systems in at least 11 countries and stolen details of 50,000 cards.

By Ellie Chambers

RSA FirstWatch’s discovery of the Trojan, named “ChewBacca”, comes not long after retailers in the US were targeted through their POS platforms.

Richard Moulds, VP of strategy at Thales e-Security, said: “The ChewBacca findings simply confirm something we already know, regular PCs and servers can’t be secured.

“In-store point of sale terminals are particularly vulnerable because they handle highly sensitive card holder data, they exist in large numbers so are hard to manage and yet are in notoriously insecure places – the retail store.”

RSA, an organisation that researches and analyses malware, found that infection had mainly occurred in the US, perhaps because the Trojan works by scraping magstripe data from POS systems.

Other countries affected included Russia, Canada and Australia.

Moulds argued for greater encryption of data, saying: “We already have a solution for protecting PINs and it works just fine, we rarely see stories of stolen PINs.

“PINs are encrypted directly in the card reader itself by physically hardened circuitry as soon as they are entered by the shopper.

“Encrypt or tokenise cardholder data at the point of capture and decrypt only on a need to know basis and only in trusted environments. It really requires a shift of mindset.”
