
'LusyPOS' Malware Aims to Ruin Your Holidays


(Image credit: A still from the TV show "I Love Lucy." Credit: CBS/Paramount.)

Cybercriminals and online attackers are doing their holiday shopping. A new strain of point-of-sale malware has appeared on underground black markets, designed to steal credit- and debit-card information from shoppers as cards are swiped at point-of-sale (PoS) checkout counters.

Called LusyPOS, the new malware currently goes for $2,000 on the black market. A similar, but not directly related, kind of PoS malware was used to attack Target retail stores last year, which resulted in the theft of 40 million payment cards.


LusyPOS works by infecting point-of-sale machines in retail locations, and then "scraping," or collecting, the payment-card data as it's momentarily held in the device's RAM before encryption. The data is then transmitted to a remote server, where the attackers operating the malware can access and use it.

LusyPOS is fairly new, as malware researchers Nick Hoffman and Jeremy Humble noted on the Security Kitten blog, but it seems to share code with other point-of-sale malware families such as Dexter and Chewbacca.

Advertisements for LusyPOS have appeared on "carder" websites where stolen payment-card data is bought and sold, as Brian Minick of Cincinnati, Ohio-based security company CBTS told NetworkWorld.

At the time of posting, only 7 of the 54 antivirus programs whose detection engines are listed on malware-analysis site VirusTotal, none of them American, could detect LusyPOS. Some of these engines seemed to be detecting LusyPOS based on its use of the Tor privacy network to hide its tracks when it communicates with the remote server.

"This is just a scratch in the surface of a new malware family," Hoffman and Humble wrote. "We'll be curious to watch it evolve over the next couple years and track its progress," Hoffman concluded.

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+.