Security researchers have identified a new malware called Dexter that specifically targets Point of Sale (POS) systems such as cash registers and scanning stations to obtain credit card numbers. As of December 12, 2012, Dexter had infected systems in 40 different countries with the majority of infected systems residing in North America and the United Kingdom. The malware-infected machines a few months ago, just in time to steal data from many of the holiday shoppers.
Dexter steals credit card data by recording downloaded files from the POS device and retrieving information from memory. More specifically, it looks for Track 1 or Track 2 data which is read by most POS devices and contains the account holder name, account number and security code for a credit card. The malware stores the data and sends it in batches every five minutes to the malware operator who can then use it to make false purchases or clone credit cards.
Malware researchers are still trying to determine how Dexter is infecting POS systems but POS owners are not defenseless. They can protect themselves from the malware by using devices that encrypt the credit card data from the point at which the card is scanned through the processing stage in what is known as Point-to-Point Encryption (P2PE). P2PE encrypts the data before it is placed in memory and Dexter is currently unable to decrypt the data so P2PE effectively stops Dexter from harvesting credit card numbers on the POS device.