Alina Point-of-Sale Malware Spotted in Ongoing Campaign
2020-07-01 20:42

A venerable point-of-sale malware called Alina that's been around since 2012 is back in circulation, with a new trick for stealing credit- and debit-card data: Domain Name System tunneling.

Researchers at Black Lotus Labs spotted a still-ongoing campaign that began in April, in which cyberattackers employed Alina to siphon off payment-card information, then used DNS to exfiltrate it.

"The malware searches the RAM of the POS device for this unencrypted credit-card information and sends it back to a command-and-control server. To ensure that only real credit-card data is found when searching the RAM of the device, the malware verifies that the last digit of the card number is the correct check digit using the Luhn checksum algorithm."

The use of DNS isn't unusual - it's a popular choice for malware authors to bypass security controls and exfiltrate data from protected networks, researchers pointed out.
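A POS terminal normally resolves a small, fixed set of names, so data tunneled out in DNS queries stands out in resolver logs as one client sending many long, random-looking subdomains under a single domain. The sketch below is an added example, not code from the article or from Black Lotus Labs; the log tuples, the `.example` domains, the thresholds and the naive two-label domain split are all assumptions made for illustration.

```python
import math
from collections import defaultdict

# Constructed sample of (client_ip, queried_name) pairs; not real indicators.
TUNNEL_LABELS = [
    "k3v9q0zt7wq1m8xj2c5n4b6y", "p0o9i8u7y6t5r4e3w2q1a2s3",
    "z1x2c3v4b5n6m7l8k9j0h1g2", "q7w8e9r0t1y2u3i4o5p6a7s8",
    "m4n5b6v7c8x9z0l1k2j3h4g5", "d9f8g7h6j5k4l3z2x1c0v9b8",
]
SAMPLE_QUERIES = [
    ("10.20.0.15", "payments.processor.example"),
    ("10.20.0.15", "time.vendor.example"),
    ("10.20.0.15", "payments.processor.example"),
] + [("10.20.0.15", f"{label}.tunnel-domain.example") for label in TUNNEL_LABELS]

def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def split_name(qname):
    """Split into (subdomain, registered domain) using the last two labels.
    Assumption: real deployments should consult the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def suspicious_domains(queries, min_unique=5, min_avg_len=20, min_entropy=3.5):
    """Flag (client, domain) pairs with many long, high-entropy subdomains.
    The thresholds are illustrative assumptions; tune them on your own traffic."""
    subs = defaultdict(set)
    for client, qname in queries:
        sub, domain = split_name(qname)
        if sub:
            subs[(client, domain)].add(sub)
    flagged = {}
    for key, names in subs.items():
        avg_len = sum(map(len, names)) / len(names)
        avg_ent = sum(map(shannon_entropy, names)) / len(names)
        if len(names) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            flagged[key] = {"unique": len(names), "avg_len": avg_len, "avg_entropy": avg_ent}
    return flagged

if __name__ == "__main__":
    for (client, domain), stats in suspicious_domains(SAMPLE_QUERIES).items():
        print(client, domain, stats)
```

On a segmented POS network, an allowlist of the domains terminals are expected to resolve is a stronger control than any heuristic; this check is for traffic that the allowlist does not already block.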

"While earlier samples of the malware used HTTPS or a combination of HTTPS and DNS for the exfiltration of the stolen credit-card information, samples seen starting in late 2018 use DNS exclusively for communication," researchers said.


News URL

https://threatpost.com/alina-point-sale-malware-ongoing-campaign/157087/