POS Malware Breach Sees Payment Cards Hit Underground Shops

News about POS malware breaches affecting two retailers hit the headlines last week, this time featuring a popular supermarket and a U.S. fast-food restaurant chain that operates around 3,500 locations across the country, most of them franchised.

Both entities, like others before them, were notified of suspicious activity by a third-party service provider who spotted the potential issues. The breaches could have originated either from internal vulnerabilities or through third-party suppliers.

In one of the cases, the card breach was reported publicly on Sept. 26, but the card information had apparently been up for sale in underground online shops for over a week. One illicit shop, in particular, known as Joker’s Stash, reportedly had been selling the cards under the batch name FireTigerrr since Sept. 18. Another cybercrime service that checks card validity for fraudsters saw the first batch appear as early as Sept. 15.

This means the breach has been collecting data on an ongoing basis. According to the cards-for-sale lists from the shop, the incident spanned locations in a variety of states. See Figure 1 below. (Note: In fraudster lingo, "dumps" refers to card data stolen from the magnetic stripe of a compromised card and subsequently cloned onto blank plastic cards.)
