Security researchers from Forcepoint (US security firm) have discovered a new strain of malware called UDPoS that relies on a different method to steal credit/debit card data from point-of-sale (PoS) systems.
A PoS device is designed to perform retail transactions: it calculates the amount a customer owes for a purchase and offers the customer ways to make that payment. PoS devices are connected to the Internet so that the merchant can authorize transactions.
The PoS malware uses Domain Name System (DNS) queries to exfiltrate stolen credit card information, instead of the HTTP traffic most PoS malware has used in the past. UDPoS masks itself as an update from LogMeIn, a legitimate remote desktop control service used to manage machines remotely. This method lets it avoid detection while moving stolen credit card data past firewalls and other security controls.
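As an added example that is not from the article or from Forcepoint's analysis, the following detector scans constructed DNS query log lines for the traffic pattern that DNS-based exfiltration of this kind produces: many distinct long, high-entropy leftmost labels sent to one domain from one client. The log format, the domain names, the thresholds, and the "last two labels" base-domain heuristic are all assumptions for the example.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log, one "client qname" pair per line (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 secure.logmein.com
10.0.0.7 3f9a1c7e2b8d4e6f0a1b2c3d4e5f6a7b.updates-check.example
10.0.0.7 b7e2d9c4f1a6e3b8c5d0f2a9e4b7c1d6.updates-check.example
10.0.0.7 0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f.updates-check.example
10.0.0.7 9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b.updates-check.example
10.0.0.5 cdn.example.net
"""

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded payloads score high, plain words score low."""
    if not s:
        return 0.0
    return -sum(s.count(ch) / len(s) * math.log2(s.count(ch) / len(s)) for ch in set(s))

def split_qname(qname: str):
    """Return (leftmost label, base domain); base = last two labels (assumption, no public-suffix list)."""
    labels = qname.rstrip(".").split(".")
    return (labels[0] if len(labels) > 2 else ""), ".".join(labels[-2:])

def find_dns_exfil_candidates(log_text: str, min_label_len: int = 24,
                              min_entropy: float = 3.5, min_unique: int = 3) -> dict:
    """Map base_domain -> set of clients that sent >= min_unique distinct long,
    high-entropy leftmost labels to it. Thresholds are assumptions to tune per site."""
    seen = defaultdict(lambda: defaultdict(set))  # base -> client -> suspicious labels
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip blank or malformed lines
        client, qname = fields
        label, base = split_qname(qname)
        if len(label) >= min_label_len and shannon_entropy(label) >= min_entropy:
            seen[base][client].add(label)
    hits = {}
    for base, clients in seen.items():
        flagged = {c for c, labels in clients.items() if len(labels) >= min_unique}
        if flagged:
            hits[base] = flagged
    return hits

if __name__ == "__main__":
    for base, clients in find_dns_exfil_candidates(SAMPLE_LOG).items():
        print(f"possible DNS exfiltration to {base} from {sorted(clients)}")
```

CDNs and antivirus signature lookups legitimately use long hashed labels, so in practice such a rule needs an allow-list for known domains before its alerts are actionable.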
LogMeIn said that the malware is designed to fool an unsuspecting user into executing a malicious email, link or file, possibly including the LogMeIn name.
“This link, file or executable isn’t provided by LogMeIn and updates for LogMeIn products, including patches, updates, etc., will always be delivered securely in-product. You’ll never be contacted by us with a request to update your software that also includes either an attachment or a link to a new version or update.”