June 9, 2015 By Douglas Bonderud 2 min read

Businesses in the hospitality sector may get an unexpected — and unwelcome — guest thanks to the newly discovered MalumPOS malware. According to Trend Micro, the data-stealing tool is targeting hotels, restaurants and a number of large retail chains. Upon check-in, the malware sets up shop and starts scanning for credit card data, then exfiltratres this information for cloning or use in fraudulent online purchases. Here’s what researchers know so far.

Big Numbers for MalumPOS

Right now, this malware tool is after any company running Oracle’s MICROS platform, which amounts to 330,000 businesses worldwide. While Trend didn’t go into detail on the original threat vector or installation method of MalumPOS, they were up-front about the results: Malum is a point-of-sale (POS) ROM scraper able to grab credit data any time magnetic stripes are swiped through a card reader. Information such as the cardholder’s name and account number are up for grabs, and the malware is able to scan for all cards with equal facility.

And it gets worse. As noted by ZDNet, the Delphi-coded tool is configurable, meaning it won’t stay confined to Oracle systems for long. With just a little tweaking, it’s possible to infect almost any other POS system. According to Trend Micro, malicious actors could “configure MalumPOS to include Radiant or NCR Counterpoint POS systems to its target list,” exposing multiple industries to this new risk.

Reading the Market

This new malware points to a worrisome trend: Malicious actors have begun to fully exploit the fact that POS systems are simply another type of computer, making them the ideal platform for data-stealing infections. Tod Beardsley, of security firm Rapid7, told Infosecurity Magazine to think of it this way: “If a device has a USB slot, has an Ethernet port or is on a wireless network, then it is possible to attack it and alter it.”

It’s also worth noting that the malware creators have taken the time to disguise their process with a familiar name. When installed, MalumPOS claims to be an “Nvidia Display Driver” or “Driv3r,” making it seem like a harmless background process. Even though POS systems require no graphics hardware or drivers from Nvidia, the popular name and seemingly innocuous nature are often enough to dampen any suspicions.

As Infosecurity Magazine pointed out, even if Malum doens’t get reconfigured anytime soon, its reach is already substantial. In addition to Oracle MICROS, the malware also goes after Oracle Forms, Shift4 systems and several others accessed via Internet Explorer. In other words, there’s real potential here for a massive credit card compromise. Fortunately, Trend Micro has a MalumPOS Technical Brief with key malware indicators, along with a YARA rule for endpoint software, giving infected companies the chance to track down this unwelcome guest and not-so-politely show it the door.

POS systems remain a high-value target for malicious actors. MalumPOS is the next iteration of this malware class, able to easily change configurations and hide itself in plain sight. Hospitality companies running MICROS need to be on alert; not every guest is in town for the great views or spectacular food — some prefer to dine, dash and then distribute credit card data.

More from

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Cybersecurity Awareness Month: 5 new AI skills cyber pros need

4 min read - The rapid integration of artificial intelligence (AI) across industries, including cybersecurity, has sparked a sense of urgency among professionals. As organizations increasingly adopt AI tools to bolster security defenses, cyber professionals now face a pivotal question: What new skills do I need to stay relevant?October is Cybersecurity Awareness Month, which makes it the perfect time to address this pressing issue. With AI transforming threat detection, prevention and response, what better moment to explore the essential skills professionals might require?Whether you're…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today