RSA Chewbacca discovered Trojan to steal credit card data




Security researchers from RSA have on equipment that credit card payments are processed called Chewbacca Trojan found. The malware searches the memory for certain patterns and features keylogging functionality.

The memory scanner Chewbacca Trojan creates a copy of the memory and search using regular expressions to data that appears to come from the magnetic strip of a credit card. If a credit card number is found it is sent to a central server and stored.

Sending the captured data by Chewbacca is through the Tor network. This cyber criminals trying to conceal. The IP address of the command and control server The server was only accessible via a. Onion address. The Chewbacca malware masquerades as the RSA as spoolsv.exe, the file for the Windows Print Spooler. By deleting this file system should be disinfected.

The server backend of Chewbacca malware gives a criminal a simple web interface to the captured data and the botnet, reports on RSA. An administrator of the botnet could be traced until it disappeared into the anonymity of the Tor network. The security to a country in Eastern Europe The FBI, after having received information from a server RSA cyber criminals have been able to disable it.

RSA states that Chewbacca trojan despite its simple structure and functionality in recent months has been shown to steal credit card data at numerous companies in eleven countries very successful. According to Reuters would involve more than 49,000 credit card details that are copied. More than 24 million transaction data would also be appreciated. The security company recommends that companies with better encryption to provide their payment systems and to install. Better monitoring software


In: Technology & Gadgets Asked By: [15484 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »