A new sophisticated backdoor dubbed d4re|dev1| is infecting ticket vending machines used by mass transportation systems and electronic kiosks found in public areas, according to cyber-security researchers.
In August, hackers allegedly compromised a machine in Italy through its Virtual Network Computing (VNC) software. They used brute-force attacks to discover weak admin credentials.
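A burst of failed remote-administration logins followed by a success from the same source is how this kind of credential guessing shows up in authentication logs. The following is an added example, not code from IntelCrawler or the original article; the log format, function names, threshold, window and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized format:
# "<ISO timestamp> src=<ip> result=<fail|ok>"
SAMPLE_LOG = """\
2024-01-01T02:14:01 src=203.0.113.7 result=fail
2024-01-01T02:14:03 src=203.0.113.7 result=fail
2024-01-01T02:14:05 src=198.51.100.20 result=fail
2024-01-01T02:14:06 src=203.0.113.7 result=fail
2024-01-01T02:14:08 src=203.0.113.7 result=fail
2024-01-01T02:14:09 src=198.51.100.20 result=ok
2024-01-01T02:14:11 src=203.0.113.7 result=fail
2024-01-01T02:14:15 src=203.0.113.7 result=ok
2024-01-01T03:00:00 src=192.0.2.50 result=fail
2024-01-01T03:00:02 src=192.0.2.50 result=fail
2024-01-01T03:00:04 src=192.0.2.50 result=fail
2024-01-01T03:00:06 src=192.0.2.50 result=fail
2024-01-01T03:00:08 src=192.0.2.50 result=fail
"""

def parse_event(line):
    """Split one event line into (timestamp, source IP, result)."""
    ts, src, result = line.split()
    return datetime.fromisoformat(ts), src.split("=", 1)[1], result.split("=", 1)[1]

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Map each suspicious source to 'bruteforce' or 'login_after_bruteforce'."""
    recent_fails = defaultdict(deque)  # src -> failure times inside the window
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, result = parse_event(line)
        fails = recent_fails[src]
        while fails and ts - fails[0] > window:
            fails.popleft()  # expire failures older than the window
        if result == "fail":
            fails.append(ts)
            if len(fails) >= threshold:
                findings.setdefault(src, "bruteforce")
        elif result == "ok" and len(fails) >= threshold:
            # Success while the failure burst is still in the window:
            # treat as a likely guessed password and escalate.
            findings[src] = "login_after_bruteforce"
    return findings

if __name__ == "__main__":
    for src, verdict in detect_bruteforce(SAMPLE_LOG).items():
        print(src, verdict)
```

A source with a couple of mistyped passwords before a successful login (198.51.100.20 in the sample) is not flagged; only bursts at or above the threshold inside the window are.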
“These kiosks and ticket machines don’t usually house large daily lots of money like ATMs, but many have insecure methods of remote administration allowing for infectious payloads and the exfiltration of payment data in an ongoing and undetected scheme,” said IntelCrawler.
This type of device will become the new target for cybercriminals, the company added.
After gaining access, d4re|dev1| allows attackers to remotely upload files to the infected machine and plant malicious code inside the local network. When used to steal data from compromised PoS systems, the malware uses RAM scraping and keylogging functionalities commonly found in other known PoS malware.
But cybercriminals are after a bigger goal, experts say.
“This broad lateral approach shows that serious cybercriminals are not interested in just one particular Point-of-Sale terminal – they are looking for enterprise wide network environments, having tens of connected devices accepting payments and returning larger sets of spoils to their C2 servers,” the company said.