In late April 2020, Visa Payment Fraud Disruption (PFD) analyzed malware samples recovered from the compromise of a North American merchant. The malware variants were identified as Alina POS, Dexter POS, and TinyLoader. These malware variants were deployed on the merchant network in an effort to harvest track 1 and track 2 magstripe payment card data from the merchant’s point-of-sale (POS) environment. However, the targeted merchant had EMV® Chip enabled point-of-sale terminals. The implementation of secure acceptance technology, such as EMV® Chip, significantly reduced the usability of the payment account data by threat actors as the available data only included personal account number (PAN), integrated circuit card verification value (iCVV) and expiration date. PFD is providing the indicators of compromise for merchant network security purposes.
Article 36000240202