FastPOS was identified in March 2015. IT security firm Trend Micro reported recently that criminals have upgraded the malware, making it trickier to uncover after infection.
FastPOS is designed to breach computers connected to POS systems. Like other “smash and grab” POS malware, it seeks the data found in the magnetic stripe of a credit card: the cardholder’s name, the card expiration date and the card number. That data is sent back as quickly as possible to a criminal’s command and control server.
Several factors make FastPOS notorious. The malware has a discernible “version update” history. Criminals who use it blatantly sell stolen information over the internet. It sacrifices stealth in favor of instant uploads of pilfered data.
Trend Micro reports that FastPOS is used against small and medium-sized companies. The recent iteration will likely be employed during the Christmas holiday season, particularly in the US.
How FastPOS Tries to Get In
Criminals appear to rely on social engineering and brute force to inject FastPOS into Microsoft PCs connected directly to a point of sale.
Attacks begin with emails to unsuspecting users. The emails can tempt users into clicking on a link to a seemingly legitimate website. Alternatively, the attackers may simply attempt to share or transfer an infected file, either by targeting Microsoft’s Virtual Machine Configuration files or through real-time file sharing.
Trend Micro says the VCM file transfer and real-time file sharing both imply social engineering to tempt users to launch the malware. The suspicious link implies a brute force attack in which the criminal tries to pry their way into a computer system.
Once present within the POS terminal, the malware utilises a keylogger and RAM scraper to collect as much information as possible for immediate upload to the criminal’s computer.
Education is Prevention
Experts say the best approach to protect against malware is to educate, encrypt and patch.
Make sure all your employees using PC-connected POS know the danger of malware attacks. They should be skeptical of unusual or unexpected emails from familiar senders. They should never open a link in an email from an unknown source. They should spread the word as soon as they receive an email they don't trust.
Also, make sure to update and patch your virus detection software on all your PC-based POS terminals.
Finally, consider using a Point-to-Point Encryption strategy to protect the data collected when a credit card is swiped through a POS machine.