Skip to main content

Cash Registers Worldwide Hijacked to Steal Credit Cards

Keeping your own financial information safe online is generally simple enough, but when your neighborhood supermarket unknowingly ships your credit-card information overseas, there may not be much you can do.

A new study suggests that almost 1,500 computerized cash-register systems across more than 30 countries have been infected by malware and are now part of a botnet — a network of machines secretly connected and placed under the control of cybercriminals without their owners' knowledge — that steals credit-card information with a simple swipe.

MORE: 13 Security and Privacy Tips for the Truly Paranoid

Information about the botnet, known as Nemanja, comes from Los Angeles-based security company IntelCrawler. According to the company's research, cybercriminals, possibly based in Serbia, are infecting point-of-sale (POS) terminals in order to funnel credit-card and bank information into malefactors' hands.

The Nemanja botnet does not consist of one particular kind of malware, but rather a collection of related programs that connect different types of POS terminals back to cybercriminals. Broadly speaking, the programs affect POS software used in supermarkets, delis, bodegas and convenience stores, rather than in restaurants or other shops, but there's no hard-and-fast rule.

The way Nemanja collects card data is simple: A customer makes a purchase, swipes a credit card and the bank remotely verifies his or her information. Nemanja then transmits this information to cybercriminals, who gain access to a customer's name and card number.

This may not be enough information to complete a transaction — many online retailers require a security code not contained in the card's magnetic stripe — but it's a promising start. (A different sort of POS malware was responsible for last fall's devastating Target data breach.)

The tricky thing about Nemanja is that because many forms of malware are involved, there's no one simple way for users to protect themselves from it, nor for stores to detect it. IntelCrawler observed Nemanja collecting data from at least 25 different brands of POS software. Most of the POS software runs on Windows, but some of it also runs on Linux or iOS (iPads are now often used as POS devices).

For some of those platforms, isolating malware may not be as simple as running a virus scan. IntelCrawler can provide a list of compromised terminals and help infected businesses get clean — for a price, of course.

Beyond that, IntelCrawler is keeping much of the pertinent information to itself, including which stores to avoid and which criminal organizations are behind Nemanja. The safest thing to do is to either stick to stores you know and trust, or simply pay in cash.

Follow Marshall Honorof @marshallhonorofand on Google+. Follow us @tomsguide, on Facebook and on Google+.

Marshall Honorof

Marshall Honorof is an editor for Tom's Guide, covering gaming hardware, security and streaming video. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi.