According to the cyber intelligence firm IntelCrawler, a new POS malware dubbed "JackPos", which is being distributed through drive-by download attacks, disguises itself as a Java Standard Edition binary and replaces the legitimate Java Update Scheduler file on the infected system.
The loaders used in the drive-by download attack are written in obfuscated, compiled AutoIt script. The researchers say this is a technique to avoid AV detection and to unpack additional malicious code that will receive instructions from the C&C server.
"The Cybercriminals have used some sophisticated scanning, loading, and propagating techniques to attack these vectors to look to get into the merchants' system through external perimeters and then move to card processing areas, which were possibly not separated in compliance with PCI policies," IntelCrawler said.
Data for at least 4,000 credit cards appears to have been stolen from several countries. The targeted countries include Canada, Brazil, India, France, Spain, the United States, Argentina, Korea and others.
According to the Globe and Mail, data for more than 400 cards has been stolen from Bangalore City, India. Data for 3,000 cards was stolen from Sao Paulo, Brazil. Data for 700 cards from Canada and 230 cards from Madrid has also been compromised.