McAfee Warns of vSkimmer Malware Targeting Credit Card Readers


McAfee researchers recently came across a reference on a Russian underground forum to a new Windows Trojan called vSkimmer, which is designed to detect credit card readers and steal credit card information (including account number, expiration date and three-digit code) from the PCs that are attached to those readers and send the data to a remote server.

Notably, if Internet access isn't available, the malware waits for a USB device with the volume name KARTOXA007 to be connected to the infected computer, then copies stolen data and credit card information to the USB drive in a file called "dumz.log."

The malware is apparently a successor to the Dexter malware, which was first uncovered by Seculert researchers in December of last year.

"We already know about botnets such as Zeus and SpyEye, which perform financial fraud using extremely sophisticated techniques including intercepting the victims’ banking transactions," writes McAfee's Chintan Shah. "VSkimmer is another example of how financial fraud is actively evolving and how financial Trojans are developed and passed around in the underground community."