US Retailers Hunt for Attacks After Warning on Stealthy Malware

Advertisement
By Reuters | Updated: 25 November 2015 11:24 IST
US retailers are hunting for evidence of new breaches leading into the holiday shopping season after a cyber intelligence firm privately warned them about payment-card-stealing malware that it said evades almost all security software.

"This is by far the most sophisticated point-of-sale malware seen to date," said Maria Noboa, lead technical analyst for privately held iSight Partners, which uncovered the malware and was due to release a technical report about it on Tuesday.

The firm had shared information about the malware, dubbed ModPOS, with clients in October, and briefed dozens of companies, including retailers, hospitality companies and payment-card processors, about its dangers.

Advertisement

Retailers began hunting for the malware in the approach to this week's unofficial launch of the holiday shopping season, the busiest time of the year for most merchants, according to the Retail Cyber Intelligence Sharing Center (R-CISC), an industry group set up this year to fight hackers.

(Also see:  Amazon Forces Some Customers to Reset Passwords)

Retailers have been fending off increasingly sophisticated payment-card theft schemes for more than a decade. The biggest breaches to date include a notorious 2013 holiday-shopping-season attack on Target Corp and a major breach at Home Depot Inc, each of which compromised tens of millions of payment card numbers.

ISight declined to say how it uncovered the ModPOS threat or name any targeted retailers.

Some retailers have found digital evidence that linked threat indicators they had previously seen to ModPOS, though that does not necessarily mean they were victims of breaches, said Wendy Nather, director of research for R-CISC.

Advertisement

"I couldn't tell you who is most likely to be compromised by this," Nather said. "But if it were harmless, we wouldn't even be talking about it."

Her group, which was set up this year, has approximately 50 members including Gap Inc, J.C. Penney Co, Lowe's Co and Walgreens.

Advertisement

ISight said it first identified the malware late last year, but only came to understand its sophistication in recent months after breaking encryption that hid how the malware works.

ModPOS includes modules for "scraping" payment-card numbers from the memory of point-of-sale systems, logging keystrokes of computer users and transmitting stolen data, according to iSight.

Advertisement

© Thomson Reuters 2015

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Best Thin and Light Laptops Under Rs. 70,000 for College Students in India
  2. Amazon Prime Day 2026: Best Deals on Soundbars From JBL, and More
  3. Best Mobiles Under Rs. 30,000 in India
  4. Amazon Prime Day 2026: Top Deals on 65-inch Smart TVs
  5. Amazon Prime Day 2026 Sale Is Live: Best Tech Deals
  1. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  2. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  3. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  4. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  5. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  6. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  7. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  8. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
  9. Sony Reportedly Restructures Disc Factory After Announcing End of Physical Game Discs on PlayStation
  10. Maharashtra Legislature Passes Amendment to Bring Virtual Digital Assets Under Depositor Protection Law
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.