Oracle Micros POS error

Researchers at Trend Micro have come across MalumPOS, a new point-of-sale (PoS) malware designed to target systems running Micros and other PoS platforms.

Micros, acquired last year by Oracle for $5.3 billion, develops PoS and enterprise information software for the retail and hospitality industries. According to Oracle, more than 330,000 Micros systems are currently deployed by firms in over 180 countries.

The MalumPOS malware, which is distributed through various methods, disguises itself as “NVIDIA Display Driver” or “NVIDIA Display Driv3r” on the infected system. Once it infects a device, the threat monitors running processes and scrapes their memory contents for valuable payment card information. The malware can target up to 100 processes, Trend Micro noted in a technical brief.

The scraped credit card data is encrypted and stored in a file named “nvsvc.dll” in order to make it appear as if it’s a component of the legitimate NVIDIA driver.

MalumPOS has been developed using the Delphi programming language and it uses regular expressions to search for credit card numbers and other valuable data. Different regular expressions are used to identify Track 1 and Track 2 data. The malware targets Visa, American Express, Discover, MasterCard and Diners Club cards, researchers said.

According to Trend Micro, the stolen data can be used to clone payment cards or to conduct fraudulent transactions online. Many of the potential victims are located in the United States.

It’s not uncommon for PoS malware to use regular expressions to identify payment card information. However, experts noted that the specific expressions used by MalumPOS were previously spotted in the Rdaserv malware family. Trend Micro says it has identified several similarities between Rdaserv and MalumPOS, which suggests that the threats are somehow connected.

In addition to disguising components as NVIDIA graphics drivers, the malware developers also use old time stamps (e.g. 1992-06-19 17:22:17) and dynamically loaded APIs to evade detection.
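The indicators reported above (the misspelled display name, the backdated time stamp and a data file named nvsvc.dll) can be checked during host triage with a short script. This is an added example, not code from Trend Micro or from the article; the year-2000 cutoff, reading the article's time stamp as UTC, and the heuristic that an encrypted dump will not parse as a PE image are assumptions.

```python
import struct
from datetime import datetime, timezone

# Assumed threshold: PE images claiming to predate this deserve a second look.
CUTOFF = datetime(2000, 1, 1, tzinfo=timezone.utc)
LOOKALIKE_NAMES = {"NVIDIA Display Driv3r"}  # misspelled name reported in the article
DUMP_FILE = "nvsvc.dll"                      # file name reported in the article

def pe_timestamp(data: bytes):
    """Return the COFF TimeDateStamp as a UTC datetime, or None if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the "PE\0\0" signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header after the signature: Machine (2), NumberOfSections (2), TimeDateStamp (4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def triage_image(display_name: str, image: bytes) -> list:
    """Collect findings for one executable and the display name it runs under."""
    findings = []
    if display_name in LOOKALIKE_NAMES:
        findings.append("look-alike display name")
    stamp = pe_timestamp(image)
    if stamp is not None and stamp < CUTOFF:
        findings.append(f"old PE timestamp {stamp:%Y-%m-%d %H:%M:%S}")
    return findings

def is_suspect_dump(file_name: str, content: bytes) -> bool:
    """True when a file named like the reported dump file does not parse as a PE image."""
    return file_name.lower() == DUMP_FILE and pe_timestamp(content) is None

def sample_pe(when: datetime) -> bytes:
    """Constructed test input: DOS header, PE signature and COFF header only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, int(when.timestamp()), 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff

if __name__ == "__main__":
    # The article's example time stamp, read as UTC (assumption).
    old = sample_pe(datetime(1992, 6, 19, 17, 22, 17, tzinfo=timezone.utc))
    print(triage_image("NVIDIA Display Driv3r", old))
    print(is_suspect_dump("nvsvc.dll", b"\x9c\x01\x7f constructed non-PE bytes"))
```

An old time stamp alone is a weak signal, so treat each finding as a prompt for closer inspection of the file, not as a verdict.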

While MalumPOS appears to mainly target devices using the Micros platform, researchers say it’s also capable of stealing information from systems running Oracle Forms, Shift4 and ones accessed via Internet Explorer.

Payment gateway Shift4 has clarified that its product uses fully tokenized and point-to-point encryption (P2PE) hardware-based solutions that prevent any memory scraping malware from gathering cardholder data.
