A point-of-sale malware designed to steal debit and credit card information has been found on systems in 11 different countries, according to security company RSA. Dubbed ChewBacca, the malware was first discovered in late October, and has been found on in-store POS, directly blamed for stealing at least 49,000 account numbers to date.
The Tor-based malware threat communicates with the Command and Control (C&C) server using the anonymous Internet network - protecting the IP addresses of controllers. ChewBacca has proven successful in encrypting traffic and slipping through network-level detection, despite being a relatively simple piece of malware.
In-store POS threats, typically malware to steal customer information, typically go unnoticed, but consumers are becoming more aware of current threats. Criminals want to do whatever is necessary to steal data that they can either use, trade, or sell to other criminals - at the expense of retailers and consumers.