Researchers from security solutions provider McAfee have come across a Trojan that’s advertised as being capable of stealing payment information from the Windows machines to which credit card readers are attached.
Dubbed vSkimmer, the malware appears to be similar to Dexter, another malicious element that’s designed to target point-of-sale (POS) systems.
However, the cybercriminal that currently sells vSkimmer on the underground market says that his creation is much better than Dexter.
Once it infects a computer, the malware starts collecting information from the machine and sends it back to a control server.
The Trojan can harvest Track 2 data from the magnetic strip of payment cards. Track 2 data includes the number printed on the card, the expiration date, and the CVV.
What’s interesting about this malicious element is that it can also work without an Internet connection. If no Internet is present, it waits until someone connects a USB device labeled KARTOXA007 and copies all the information it harvested onto it.
Additional technical details on vSkimmer are available on McAfee’s blog.