The “infostealer.rawpos” Trojan Hides, Covers Tracks


Computer security conceptSouth Carolina-based C&K Systems has released further details of its 18-month-long system breach, which went on to affect customers at Goodwill and two additional unnamed retailers.

The news corroborated earlier reports from Goodwill that its point of sale (POS) systems had been infected by malware from February 1, 2013 to Aug. 14, 2014.

In a recent post on ThreatPost.com, Chris Brook reports that, while C&K admits that the company was informed by an independent security analyst at the end of July that its system might have been compromised, it wasn’t until September 5, that it was able to confirm the attack.

As the only full-service point of sale provider — from software development to franchise incubator to ongoing support — part of Sintel’s commitment to our customers and business community is to share relevant ideas, information and industry news.

Here are the highlights of Brook’s post, “POS Service Confirms Goodwill Breach Lasted 18 Months”:

• Ultimately, a cyber investigative team hired by the company was able to detect infostealer.rawpos, a type of point of sale malware that gained access to payment card information at its Managed Services hosting facility.

• The Trojan program searches for track one and track two data from credit cards and then forwards the information to remote servers controlled by the criminals.

• “C&K’s Managed Services system is responsible for managing the point of sale environments, workstations, cloud storage and antivirus of its customers, primarily large retail chains,” Brooks writes.

• According to the report, C&K’s Managed Services system is responsible for managing the point of sale environments, workstations, cloud storage and antivirus of its customers, primarily large retail chains.

• “While C&K counts more than 500 companies as clients,” Brooks writes, “it’s not exactly clear, in addition to Goodwill, which other two companies were breached.”

• C&K says that fewer than 25 of the payment cards that were stolen over that 18-month period have been used fraudulently so far.

• C&K says it has implemented “cutting-edge technologies” that will identify advanced persistent threats (APTs) going forward, and that the company will continue to work closely with law enforcement to “investigate and pursue criminal prosecution.”

• Brooks notes that Krebs on Security reported on July 21 that several banks had begun noticing stolen credit and debit card numbers associated with Goodwill customers were being circulated, yet it wasn’t until September 2 that the company admitted in a letter to customers that it was affected by a “data security issue.”

• Many reports claim that a six-week investigation at Goodwill uncovered that 10 percent of stores (330 total) and approximately 868,000 payment cards were exposed in the breach.

• All payment card information, customers’ names, payment card numbers and expiration dates are all in danger of being compromised.

• Goodwill mentioned the 18-month breach timeframe in the letter but failed to name the vendor and the type of malware, instead claiming a “third-party vendor’s systems” had been implicated.

• Brook notes that while C&K acknowledged that the software it uses conforms to PCI-DSS requirements around data encryption, it also made it clear that “there is no 100% fail-safe security solution for hosting Point of Sale environments.”

• “Point of sale malware has been a scourge on retail over the last year,” Brook writes. “Companies like Home Depot, Neiman Marcus, Michaels and of course Target have all been targeted and breached to different extents.”

Read Chris Brook’s full threatpost.com post here.

For more insights into point of sale security, check out our related posts, Criminals Hit Their Target, 40 Million Cards Affected, US, Canada and Others Hit By POS Infections, P.F. Chang’s China Bistro Gets Targeted, “Backoff” Tracking Memory Taking Credit, and In Loving Memory Of Your Credit Card Data.

Just as Sintel shares our vast point of sale experience and expertise with startup owners in order to help them make the best decisions from the very beginning, we are happy to share articles, advice and commentary about retail point of sale and security.

Whether you’re a first-time franchise hopeful, a small business owner or an established chain, it’s always smart to stay on top of the latest point of sale best security practices to achieve financial success.

If you are interested in learning more about Sintel’s point of sale systems and how our knowledge and support can impact your future success, call us for a complimentary phone consultation.

Sintel Systems is the only direct to end user full-service provider of tailored Point of Sale systems across retail, restaurant and service industries, including frozen yogurt shopspizzeriassushi restaurantscafés and retail stores.

As a single source for business solutions, our experienced, knowledgeable team negotiates the complex POS landscape for you to enable you to find the right POS system for your business and budget. Hardware – Software – Support

Questions or Comments: Contact us 855-POS-SALES www.SintelSystems.com

Leave a comment