RawPOS

Posted: April 21, 2020

RawPOS is a classic memory scraper that focuses on collecting credit card information from compromised systems. It does this by scanning the memory of specific processes for strings that match the data found on the magnetic stripes of credit cards. RawPOS also uses the Luhn algorithm to confirm that the extracted data is, in fact, a valid credit card number. The cybercriminals behind the RawPOS project have been active with this campaign since 2008, and their malware has been updated regularly over the years. The latest iterations of RawPOS have a very interesting feature: apart from looking for credit card data stored in memory, RawPOS also looks for driver's license information. This likely means that the RawPOS operators are looking into identity theft as another possible way to generate revenue.
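The pattern-plus-Luhn check described above is also what a defender runs over POS logs and debug dumps to find cleartext card data that should never have been written to disk. The following is an added example, not code from the original page or from RawPOS; the function names and the sample log are constructed, the card number is the standard test value, and the track 2 layout is the ISO/IEC 7813 one, which the page does not spell out.

```python
import re

# Track 2 layout per ISO/IEC 7813 (assumption, not stated on the page):
# ';' PAN (up to 19 digits) '=' YYMM expiry, 3-digit service code,
# discretionary digits, then the '?' end sentinel.
TRACK2 = re.compile(r";(\d{12,19})=(\d{2})(\d{2})(\d{3})\d*\?")

def luhn_ok(pan: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep first six and last four digits so the report holds no full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_exposed_track2(text: str):
    """Return (line number, masked PAN) for each plausible track 2 record."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in TRACK2.finditer(line):
            pan, _yy, mm, _svc = m.groups()
            if not 1 <= int(mm) <= 12:   # expiry month must be real
                continue
            if not luhn_ok(pan):         # drop random digit runs
                continue
            findings.append((lineno, mask(pan)))
    return findings

# Constructed sample log: line 2 is a real exposure, line 3 fails Luhn,
# line 4 is a bare number without track sentinels.
SAMPLE_LOG = """\
2020-04-21 10:00:01 pos01 txn=1001 status=approved
2020-04-21 10:00:02 pos01 debug swipe=;4111111111111111=25121010000000000?
2020-04-21 10:00:03 pos01 debug swipe=;4111111111111112=25121010000000000?
2020-04-21 10:00:04 pos01 order_ref=4111111111111111
"""

if __name__ == "__main__":
    for lineno, masked in find_exposed_track2(SAMPLE_LOG):
        print(f"line {lineno}: cleartext track 2 data, PAN {masked}")
```

Any hit means card data is reaching storage in the clear and the component that wrote it needs fixing; the report itself stays safe to share because only masked numbers are returned.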

RawPOS Malware Targets Point-of-Sale Devices in the Hospitality Sector

RawPOS is usually installed on compromised point-of-sale devices, most often unsecured ones used in the hospitality sector. It is important to note that the use of the driver's license barcode is a rather rare occurrence, but it appears to be common enough for cybercriminals to go after it. Some places, like bars, pharmacies, and retail shops, may ask customers to swipe their driver's license barcode under certain circumstances.

Seeing point-of-sale malware evolve to exfiltrate information other than credit cards is definitely a worrisome trend. One of the main reasons why threats like the RawPOS malware are exceptionally threatening is that there is almost nothing customers can do to protect themselves from such an attack. Business owners are the ones responsible for the security of their point-of-sale devices, and they are the ones who have to take the required measures to protect their customers. We advise you to stick to shopping in trustworthy destinations.