TinyPOS

Posted: May 3, 2019

Point-of-sale (POS) malware has been slowly fading out due to the increased security measures that both financial institutions and the producers of POS devices take to protect their customers' sensitive data. However, malware researchers still come across interesting specimens that target POS devices exclusively. One such case is TinyPOS, a small memory scraper written entirely in Assembly language. Writing malware in Assembly is unusual nowadays, since it is a low-level programming language and there are much easier and more convenient alternatives. However, TinyPOS' authors have taken advantage of the optimization options that Assembly offers and have shrunk their malicious file to just 5120 bytes.

TinyPOS is able to scrape the memory of POS devices and collect credit card information that has been submitted recently. It also uses the Luhn algorithm to verify the validity of each credit card number before transferring the data to a Command & Control server operated by the attackers. According to cybersecurity experts, the servers of TinyPOS are situated in Eastern Europe, and this is likely the region its authors are from.

Two samples of the TinyPOS malware have been detected in the UK, but they are unlikely to have caused any damage thanks to the chip & PIN technology employed by credit card issuers in major European countries. However, experts in the field suspect that these builds of TinyPOS might have been used for testing purposes, and the real targets of the attackers might end up being regions with poorer credit card and point-of-sale device security.
