Undetectable ModPOS in POS Systems Poses a Threat to Retailers

By CIOReview | Tuesday, December 15, 2015

FREMONT, CA: The holiday season has brought retailers an unidentifiable threat: ModPOS, malware in their point of sale (POS) systems, according to a report by iSight Partners.

ModPOS, or ModularPOS, is a comprehensive malware framework that is difficult to detect and can be configured in multiple parts of a POS system. Built with software development proficiency, its code base is highly functional and modular and focuses on obfuscation, which makes it undetectable by a number of modern-day security systems.

The modular nature of ModPOS allows it to be configured to target specific systems, with components such as an uploader/downloader, a keylogger, a POS RAM scraper and custom plugins for credential theft. The modules are packed kernel drivers that use multiple methods of encryption to evade highly secure controls. It can affect any sector that uses a POS system, including retail, food services, hospitality and healthcare.

EMV technology was designed to make it difficult for malicious actors to manufacture clones to steal the data from the card. However, if the system configuration does not support end-to-end encryption, ModPOS can gain access to card data as well.

“ModPOS also features custom plugins and other specialized functions. Given its sophistication, it has taken our malware analysis ninjas a substantial amount of time to reverse-engineer the software,” says Stephen Ward, Director, Marketing, iSight.