Types of POS Malware part 2

February 26, 2014
min read

The aftermath of the Target breach has raised concern and hopefully greater awareness to the benefits of PCI Compliance. To help increase awareness on POS Malware we’ve covered a few in our previous post, and will continue to cover more in today’s post. First up, Dexter:


Dexter is another Windows-based POS Malware that has several active variants. Like BlackPOS, “"parses memory dumps of specific POS software related processes looking for Track 1 and Track 2 data"

Track 1 data is cardholder name and account numbers and Track 2 is the credit card number and expiration date.

One of its variants, Stardust also extracts internal network traffic information from the company under attack. It’s possible that some of Dexter’s variants are delivered to POS systems via phishing emails or other malicious actors that can access systems remotely. Learn more about Dexter here.  


A supposed successor to Dexter, VSkimmer also targets Windows-based systems. VSkimmer has nearly all the same functionality as Dexter however it is unique in that if the Internet is not available, it does not need to use the Internet to transfer data. In the case with no Internet, it collects all the data and waits for a USB device with a specific name to be connected to the infected machine. Once connected, it then transfers all the information to that USB. Want to learn exactly how it works? Check out McAfee’s blog on the Malware here.We strongly recommend that businesses running POS systems should follow best security practices and maintain PCI Compliance. Please use strong passwords, multi-step authentication, update your applications when available and disallow remote access unless necessary.

Want more tips on how to beef up your payments security? Give us a call.