A tool developed by Ground Labs to sniff out payment card data, covering all major cards (American Express, Discover, Diners Club, JCB, Visa, MasterCard), is now being used by cybercriminals to do the same, in their case stealing payment card data to sell on the underground market.
Security companies Trend Micro and Arbor Networks published research on the POS malware, which was blamed for data breaches at retailers such as Target and Neiman Marcus.
Card Recon is a legitimate application designed to seek out payment card data across various systems and storage devices, Curt Wilson, senior research analyst at Arbor Networks, told SCMagazine.com in Friday email correspondence.
“This could be very useful for a security professional or a PCI security assessment professional to help discover card data in unexpected places so it can be properly secured,” Wilson said, adding that it has now become “a legitimate tool that was cracked and repurposed by criminals to find [unsecured] card data.”
“Card Recon looks to be a useful tool when wielded by an auditor or security staff, but it is clearly dangerous in the wrong hands,” Arbor Networks wrote in its report.
Researchers with Arbor Networks wrote about Card Recon in a recent ASERT Threat Intelligence report, explaining how two cracked copies of the application showed up in an attack tool-kit that also contains POS malware – including an older version of BlackPOS, the malware used in the Target breach.
“The attack kit discovered by ASERT shows that threat actors do not need a great deal of skill or advanced strategies to compromise [POS] environments, and also indicates that insecure configurations are still a problem [that] allows criminals access to sensitive financial processing systems,” Wilson said.
A senior threat researcher with Trend Micro observed a cracked copy of Card Recon included within a development version of a POS RAM scraper malware.
Card Recon identifies most payment cards: American Express, Discover, Diners Club, JCB, Visa, MasterCard, and “Test/Others” payment cards, according to Huq, who ran a test and learned that the tool incorrectly identifies some phony payment cards as valid.