Serial Killer Runs Amok in South Africa. Dexter Payment Card Malware Responsible for One of the Biggest Cyberfraud Attacks in Country’s History.
Deriving its name from a TV series about Dexter Morgan, a police blood-spatter analyst by day and serial killer in his spare time (hey, everybody needs a hobby), the Dexter Payment Card Malware devotes all its time to compromising payment card systems.
And there’s another difference between the fictional TV character and his namesake. TV’s Dexter only hunts down criminals who’ve managed to elude justice. The Dexter Payment Card Malware is not so particular. So far, according to the Payment Association of South Africa (Pasa), this malware has attacked shops, restaurants and hotels to the tune of over one million U.S. dollars.
Leo Kelion, technology reporter, writes on bbc.co.uk that “the Dexter code was linked to a series of attacks on point-of-sale systems in the UK, U.S. and dozens of other countries towards the end of last year.
“It skims and transmits the cards’ magnetic-strip information allowing clones to be made that can then be used for fraudulent purchases.”
Commenting on the scope of the attack, Walter Volker, Pasa’s chief executive, said, “It’s probably the worst (attack) of its kind in terms of the losses.
“We started detecting higher levels of fraud at some of these retailers early in the year – from about late-January, February. We initially thought it was a normal seasonal thing, but as the volumes increased we decided to appoint a forensics investigation company.
“Eventually it was able to find this particular malware in some of the locations. Very soon after we found the cause of the compromise, we were able to clean up those sites with anti-malware software.”
The attack targeted back-end systems with the intent of stealing data from the cards’ magstrips. However, it didn’t steal PIN codes or CVV payment authentication numbers. (The Card Verification Value, or CVV, is an extra code on a debit or credit card. It’s not printed on receipts, so only the card holder should know what it is. CVV is used when a payment is made and the card holder is not present, such as for online purchases.) Therefore the thieves would not have been able to withdraw money from bank cash machines or use the information to make purchases online.
Volker explains, “Normal anti-virus software would probably have cleaned up Dexter but it was a particular custom-built variant, which was not detectable with the normal scanning software.
“It seems like it was a European-based syndicate – we don’t know exactly where – but Interpol and Europol are making good progress in trying to apprehend these particular perpetrators.”
Bloomberg news agency reported that KFC fast-food restaurants’ card systems were among those to have been compromised. It also reported that Famous Brands, a locally based burger and pizza chain operator, had some of its payment machines compromised.
Volker pointed out that the industry would bear the brunt of these attacks: “In terms of the banks, there’s probably not a single issuing bank in the country that has not been affected in some way.
“The South African card holders – or potentially tourists using their cards at the affected sites – will not be exposed to any losses. It’s just the inconvenience of detecting false transactions on their accounts.”
Volker advised card holders that if they detected fake transactions, “they should just contact their issuing bank.”