
JackPOS

Posted: February 14, 2014

Threat Metric

Ranking: 6,921
Threat Level: 1/10
Infected PCs: 152
First Seen: February 14, 2014
Last Seen: October 16, 2023
OS(es) Affected: Windows


JackPOS is Point-of-Sale or POS spyware that compromises PCs used for credit card transactions, stealing the related financial information and, afterward, sending it to third parties for future abuse. In comparison to similar PC threats, JackPOS is a globe-trotting Trojan that's been seen in significant numbers within countries as different as South Korea, Spain and the United States. To protect itself from being noticed, JackPOS disguises both its installer and its installed components so that they resemble the files of a safe Java update. Businesses that use appropriate PC security should be adequately protected from JackPOS, but for JackPOS's credit card victims, the only sign of its attacks will be the new credit card charges and other issues resulting from criminals having access to your personal information.

The Businesses that Don't Know Jack About Dealing with Spyware

As a POS spyware program, JackPOS is of the utmost concern to any business that handles credit card transactions as part of its regular activities. In a sharp change of campaign style from geography-limited banking Trojans like Bancos or the Corkow Trojan, JackPOS hasn't shown any distinct pattern in its attacks. A city in Brazil appears to be the current contender for most affected by JackPOS, with thousands of credit cards stolen. However, major outbreaks of JackPOS have been seen in India, the United States, Canada and Italy.

In many situations, a very modest number of JackPOS infections were responsible for a high quantity of credit card thefts. Malware experts currently estimate that Vancouver is the worst example of this, with a single JackPOS infection responsible for a total of four hundred thefts.

JackPOS is installed through attacks which exploit vulnerabilities on your PC to install JackPOS or encourage you to install JackPOS on your own. These attacks may misrepresent JackPOS as some form of software update, and JackPOS's executable names include such disguises as 'Java.exe' and 'Jse.exe.' Along with stealing credit card information from POS machines, JackPOS also has a basic Command & Control server-based backdoor, which lets JackPOS uninstall or update itself. Unlike most C&C Trojans that malware researchers have examined, JackPOS doesn't appear to have any functions for installing other threats, which makes its purpose particularly specialized.

Putting JackPOS Back in the Box

JackPOS does have memory dumping issues and a number of other, minor shortcomings that make it clear that JackPOS is far from the advanced, professionally-designed aesthetic of something like Trojan Zeus. However, JackPOS is perfectly capable of performing its intended function of stealing credit cards, and JackPOS already has proven itself – to the tune of thousands of credit cards from all over the world.

Businesses should maintain high security standards to protect their work machines from being compromised by JackPOS, which uses a process-injecting technique to keep itself hidden. Anti-malware protection, the proper separation of systems, restricted network access and the regulated use of removable devices all can play a part in preventing JackPOS from making headway into your workplace.
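
Because JackPOS borrows Java-style file names, one practical check on POS machines is to flag any process whose file name matches those disguises but whose path lies outside the real Java install directory. The script below is an added example, not code from this page or from any vendor; the trusted directories, record layout and sample records are assumptions constructed for illustration.

```python
import ntpath

# File names the page lists as JackPOS disguises (compared case-insensitively).
DISGUISE_NAMES = {"java.exe", "jse.exe"}

# Assumption: directories where a genuine Java runtime is installed on these hosts.
TRUSTED_ROOTS = (
    r"C:\Program Files\Java",
    r"C:\Program Files (x86)\Java",
)


def _norm(path):
    """Collapse '..' segments and case so comparisons cannot be sidestepped."""
    return ntpath.normcase(ntpath.normpath(path))


def is_masquerading(image_path, trusted_roots=TRUSTED_ROOTS):
    """True if the file name matches a listed disguise but lives outside trusted roots."""
    full = _norm(image_path)
    if ntpath.basename(full) not in DISGUISE_NAMES:
        return False
    for root in trusted_roots:
        if full.startswith(_norm(root) + "\\"):
            return False
    return True


def flag_events(events):
    """Return (host, image) pairs from process-start records that look disguised."""
    return [(e["host"], e["image"]) for e in events if is_masquerading(e["image"])]


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "POS-01", "image": r"C:\Program Files\Java\jre7\bin\java.exe"},
    {"host": "POS-02", "image": r"C:\Users\clerk\AppData\Roaming\Java.exe"},
    {"host": "POS-03", "image": r"C:\Program Files\Java\..\..\Temp\JSE.EXE"},
    {"host": "POS-04", "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for host, image in flag_events(SAMPLE_EVENTS):
        print(f"{host}: suspicious image path {image}")
```

A path check like this only covers the on-disk disguise; code that JackPOS injects into another process runs under that process's legitimate path and needs a separate control.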

Victims of JackPOS's credit card thefts will be unable to tell of any issues until criminals already have made use of their cards. If you notice any unusual credit card bills, and, especially, happen to live in a city previously confirmed to be part of JackPOS attacks (such as Sao Paulo), you should contact your credit card company for further advice.

Technical Details

Additional Information

The following URLs were detected:
yssads.ddc.com