Maintaining the security of point-of-sale (POS) systems is a growing concern. The trend of POS malwares discovered last year continues with the recently discovered JackPOS malware. Like a number of POS malware families discovered last year, including Dexter, vSkimmer, Alina and BlackPOS, the new JackPOS malware is designed to steal payment card information from the infected POS systems. Similar to these malwares, it utilizes a command-and-control (C&C) communication channel to receive operational commands and exfiltrate the stolen credit card data.
The loading and delivery of the JackPOS malware is done through a drive-by download attack. After infecting the systems, the malware extracts credit card data from point-of-sale systems using code similar to the RAM-scraping POS malware known as Alina. The attackers use obfuscated compiled AutoIt script, which, according to IntelCrawler, “became quite a popular method to avoid AV detection in order to unpack additional binary malicious code and execute further instructions received from the C&C server.”