Visa Warns Hospitality Merchants of Nasty POS Malware Infection

  • Visa unearthed two POS malware infections on North American hospitality service providers.
  • The customers of the unnamed businesses had their card and payment details scraped in May and June 2020.
  • The actors used a mix of malware strains, network infiltration methods, and manual log exfiltration.

Visa, the multinational payments processor and financial services provider, has discovered two widespread POS (point of sale) malware infections that affected two North American hospitality merchants. More specifically, the ‘Visa Payment Fraud Disruption’ team has analyzed malware samples from two independent infections. The first one involved the variant known as “TinyPos,” while the second used a mix of malicious strains like “RtPOS,” “Mmon,” and “PwnPOS.” The infections were only recently disclosed in a report, but they took place in May and June 2020.

Unfortunately, Visa hasn’t named the companies affected by this, so customers must rely on the breached organizations to inform them. The actors behind these attacks haven’t been identified either, but their methods were recorded in detail. Visa describes a diligent procedure starting with a phishing campaign that targeted employees of the affected merchants. From there, the hackers used the compromised accounts to access the cardholder data environment (CDE) and deploy the malware.

The POS malware then scraped payment card data and kept the logs stored locally. The hackers manually exfiltrated these logs at a later time, avoiding the risk of raising the security flags that automated exfiltration functions could trigger. Visa has only an unclear picture of the actual details of these steps and of the deployment of remote access tools and credential dumpers. They know this happened, but the specifics remain elusive.
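
One defensive check that follows from the local log staging described above, as an added example that is not part of Visa's report or the original article: a scan of a directory tree for files holding magnetic-stripe track records with Luhn-valid card numbers. The regular expressions, function names, size limit, and sample data are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# ISO/IEC 7813 magnetic-stripe layouts (expiry is YYMM).
TRACK1 = re.compile(rb"%B(\d{13,19})\^[^^\r\n]{2,26}\^(\d{4})[^?\r\n]*\?")
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})\d*\?")

def luhn_ok(pan: bytes) -> bool:
    """Luhn checksum; filters out random digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - 48                      # ASCII digit -> int
        if i % 2 == 1:                   # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_bytes(data: bytes) -> list:
    """Return (kind, offset, masked PAN) for each plausible track record."""
    hits = []
    for kind, rx in (("track1", TRACK1), ("track2", TRACK2)):
        for m in rx.finditer(data):
            pan, exp = m.group(1), m.group(2)
            if luhn_ok(pan) and 1 <= int(exp[2:]) <= 12:
                # Mask the middle digits so the report never re-exposes card data.
                masked = pan[:6].decode() + "*" * (len(pan) - 10) + pan[-4:].decode()
                hits.append((kind, m.start(), masked))
    return hits

def scan_tree(root, max_bytes=8 * 1024 * 1024) -> dict:
    """Scan every regular file under root; unreadable files are skipped."""
    findings = {}
    for path in Path(root).rglob("*"):
        try:
            if path.is_file():
                with path.open("rb") as fh:
                    hits = scan_bytes(fh.read(max_bytes))
                if hits:
                    findings[str(path)] = hits
        except OSError:
            continue
    return findings

# Constructed sample: industry test PAN 4111111111111111, no real card data.
SAMPLE = (b"junk %B4111111111111111^DOE/JOHN^2512101000000000? junk\n"
          b";4111111111111111=25121010000000000000?\n"
          b";4111111111111112=25121010000000000000?\n")   # fails Luhn

if __name__ == "__main__":
    for hit in scan_bytes(SAMPLE):
        print(hit)
```

Any hit on a POS terminal or CDE server is worth triage, since full track data should not be written to disk there in the first place.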

POS malware is a very dangerous type of infection because the customers have no way to evaluate the potential risk and protect themselves. They just have to trust that the POS is clean and that no scrapers are running under the hood. As we have repeatedly discovered in the recent past, this is not always the case, and the possibility of having your payment data (cardholder name, credit card number, expiration date, and the CVV) compromised is always real.

Cashless payments are a standard and even preferable way to carry out financial transactions today. Still, if you have the option to use an electronic method, you should go for it instead.

As for merchants, Visa suggests the following security measures:

  • Employ the IOCs contained in relevant reports
  • Secure remote access with strong passwords
  • Enable EMV technologies for secure in-person payments
  • Provide each Admin user with their own user credentials
  • Turn on heuristics (behavioral analysis) on anti-malware
  • Monitor network traffic for suspicious connections
  • Implement Network Segmentation
  • Maintain a patch management program


