Dexter is a computer virus or point-of-sale malware that infects computers running Microsoft Windows. It was discovered by the IT security firm Seculert in December 2012. It infects PoS systems worldwide and steals sensitive information such as credit card and debit card information.


Function

When Dexter infects a machine, it injects itself into iexplore.exe, the executable file that runs Internet Explorer. It also changes Windows registry entries so that the malware runs when the machine starts up. The malware parses memory dumps by using a Windows function called ReadProcessMemory. Dexter uploads the contents of the memory it parses from PoS machines to a server located in the Republic of Seychelles. The information Dexter can collect includes credit and debit card information, user names and host names, operating system data, a list of running processes, and encryption keys so the data it collects can be decrypted.
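One way a defender can look for the behaviour described above, as an added example that is not part of the original article: it scans process-access telemetry (field names follow Sysmon Event ID 10, ProcessAccess) for an iexplore.exe instance that opens several other programs with the PROCESS_VM_READ right that ReadProcessMemory requires. The sample events, paths, PIDs and the two-target threshold are constructed assumptions.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

PROCESS_VM_READ = 0x0010             # access right ReadProcessMemory requires
WATCHED_SOURCES = {"iexplore.exe"}   # injection host named in the text above

IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
# Constructed sample events; every path, PID and mask below is invented.
SAMPLE_EVENTS = [
    {"SourceProcessId": "2140", "SourceImage": IE,
     "TargetImage": r"C:\POS\pos_client.exe", "GrantedAccess": "0x1410"},
    {"SourceProcessId": "2140", "SourceImage": IE,
     "TargetImage": r"C:\Windows\System32\svchost.exe", "GrantedAccess": "0x0010"},
    # Query-only access: no memory read requested.
    {"SourceProcessId": "2140", "SourceImage": IE,
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1000"},
    # Browser frame process touching its own tab process: same image, ignored.
    {"SourceProcessId": "3388", "SourceImage": IE,
     "TargetImage": IE, "GrantedAccess": "0x1fffff"},
    # A single foreign target stays below the threshold.
    {"SourceProcessId": "3388", "SourceImage": IE,
     "TargetImage": r"C:\POS\pos_client.exe", "GrantedAccess": "0x0010"},
    # Not a watched source image.
    {"SourceProcessId": "912", "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\POS\pos_client.exe", "GrantedAccess": "0x1410"},
]

def wants_vm_read(granted_access: str) -> bool:
    """True if the hex access mask includes PROCESS_VM_READ."""
    return bool(int(granted_access, 16) & PROCESS_VM_READ)

def find_memory_readers(events, min_targets=2):
    """Map (image, pid) of watched processes to the foreign images they opened
    for reading, keeping only those that touched at least min_targets images."""
    targets = defaultdict(set)
    for ev in events:
        src = basename(ev["SourceImage"]).lower()
        tgt = basename(ev["TargetImage"]).lower()
        if src not in WATCHED_SOURCES or src == tgt:
            continue
        if wants_vm_read(ev["GrantedAccess"]):
            targets[(src, ev["SourceProcessId"])].add(tgt)
    return {k: sorted(v) for k, v in targets.items() if len(v) >= min_targets}

if __name__ == "__main__":
    for (image, pid), opened in find_memory_readers(SAMPLE_EVENTS).items():
        print(f"ALERT {image} pid={pid} opened for memory read: {', '.join(opened)}")
```

On a PoS terminal the watched set and threshold would be tuned against a baseline of what the browser normally touches.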


Impact

Businesses infected by Dexter include retail stores, hotels, restaurants, banks, and private parking providers. By December 2012, around the time it was first discovered, the malware had been found in 40 different countries. Most compromised machines were located in the United States, United Kingdom, and Canada (where POS systems are ubiquitous), but it was also found in Asia (including China, Southeast Asia and India). A variant of Dexter, thought to have been modified to avoid antimalware detection by an unknown group in the UK, was linked to estimated losses in the tens of millions for banks in South Africa. South Africa's banks noticed "unusual levels of suspected fraud" after customers used credit cards at various fast-food restaurants. An updated antimalware signature was provided for all outlets suspected of using infected PoS machines. It is unknown how many credit cards were compromised in these attacks, but many were monitored for fraud after the incident.


Variants


StarDust

In December 2013, researchers discovered StarDust, a major revision of Dexter, which compromised 20,000 cards in an active campaign hitting US merchants. It was one of the first known botnets to target point-of-sale (PoS) terminals used by stores and restaurants to process customers' credit and debit card payments. Unlike the original version of Dexter, StarDust can also extract information from internal network traffic, instead of only information confined to one PoS device.


See also

* Cyber electronic warfare
* Cyber security standards
* Cyber warfare
* List of cyber attack threat trends
* Proactive Cyber Defence
* Point-of-sale malware

