RSA Researchers have unearthed malware that recently infected point-of-sale terminals at several dozen retailers in the US and other countries and successfully captured customers’ payment card data. “ChewBacca,” as the crimeware is dubbed, scr**es large chunks of computer memory from infected terminals and dumps them to a file, a researcher from RSA reported in a blog post published Thursday. It then uses regular expressions and other programming techniques to extract data that was copied from credit and debit cards. ChewBacca also captures sensitive data using a generic keylogger. “The ChewBacca trojan appears to be a simple piece of malware that, despite its lack of sophistication and defense mechanisms, succeeded in stealing payment card information from several dozen retailers around the world in a little more than two months,” Yotam Gottesman, a senior security researcher on RSA’s FirstWatch team, wrote. Researchers found that beginning in late October, ChewBacca had logged track 1 and 2 data of payment cards scanned on infected terminals. Most of the affected retailers were located in the US, although some were in other countries, including Russia, Canada, and Australia.     

Leave a Reply