Payment Card Newsflash #008
Dear Credit Card Merchants:
We received the following alert from our credit card processor Elavon Inc.:
Application/Service(s) Impacted: Visa Security Alert
Time of Notification: 6:25 PM ET
Retail Point-of-Sale (POS) Systems May Be At Risk Of Malware That Steals Credit Card Data
Malware comes in all shapes and sizes. Some malware is mass-distributed while other malicious software is purpose-built to target specific data or businesses. Elavon received recent communication that some retailer POS systems may be at risk of malware that steals credit card data. The malicious software called “Dexter” compromises merchants and their Point-of-Sale (POS) systems to steal full magnetic stripe or “track” data from memory and communicates and/or sends the data to Dexter Command and Control (C&C) domains and IP addresses. Based on Visa’s research, it appears Dexter only infects Microsoft Windows systems.
Attached is a Visa Data Security Alert that identifies the malicious domains and IPs. Visa recommends merchants and agents review this list of malicious domains and IP addresses to monitor and block them from their firewall rule sets. Prior to blocking IPs and domains, Visa also recommends that entities perform due diligence and ensure that blocking will not cause connectivity issues for legitimate access.
As a reminder, if malicious software is detected, entities should:
- Take the system offline to prevent propagation
- If the POS system is infected, remove it from the network and consider using dial-up temporarily until the environment has been contained
- If not already completed, block the malicious IPs and domains on the firewall