Security vendor Trustwave reported new retailer-targeting malware called Spark, a derivation of the program Alina from late 2012.
Point of sale (POS) malware programs swarmed retailers in 2014. The most prevalent was Backoff, which targeted and impacted more than 1,000 retailers nationwide. Others included FrameworkPOS, BlackPOS, and JackPOS.
PC World reports Spark was found while Trustwave was performing multiple breach investigations for automotive repair and maintenance businesses, operating solely on Windows OS. The malware used custom credit card searching methods, a component unique to the Alina and JackPOS malware, indicating a relationship among them.
Spark is designed to compile credit card data by compromising the system’s random access memory (RAM) and taking data while cards are being processed on the machine. The data is then transmitted from the targeted company to a system under the hackers’ control.
The malware also utilizes AutoIt, a technology allowing hackers to alter file signatures to avoid discovery via antivirus software on retailers’ operating systems.
Spark is designed for the most common attack against POS devices: weakening and stealing easily discoverable credentials via brute force. Point-to-point encryption (P2PE) is a defense against attacks of this type.