Mid-sized entertainment, hospitality, and food-industry businesses are the targets of DMSniff, a point-of-sale (PoS) malware used to steal their customers' payment card data. DMSniff generates its command-and-control (C&C) domains with a Domain Generation Algorithm (DGA), of which researchers have seen 11 variants. Because the operators can register whichever pre-computed domain the malware will try next, DMSniff keeps communicating with an infected PoS even after an individual domain is taken down, and a static domain blocklist does little against it. The malware reaches the devices either through physical access or by brute-forcing passwords. Once installed, it scrapes card data from the PoS as a card's magnetic stripe is swiped, capturing the track data in memory before it is encrypted and handed off for processing. The stolen data is then sent to a remote C&C server, where the attackers can use it themselves or sell it on carding forums.
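As an added example (not code from the researchers' report or from DMSniff itself), the following Python scans a constructed memory buffer for unencrypted Track 2 data, which is how a PoS scraper finds card data before it is encrypted and how a defender can check a process dump for track data lying in the clear. The buffer, the card numbers (industry test PANs) and the Track 2 field layout assumed here are constructed for the example.

```python
import re

# Track 2 (ISO/IEC 7813): ;PAN=YYMM<service code><discretionary data>?
# A scraper looks for this pattern in process memory of the payment application.
TRACK2_RE = re.compile(
    rb";(?P<pan>\d{13,19})=(?P<yy>\d{2})(?P<mm>\d{2})(?P<svc>\d{3})(?P<disc>\d{0,50})\?"
)


def luhn_ok(pan: str) -> bool:
    """Luhn check: a scraper (and a scanner) uses it to discard false matches."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only BIN and last four so findings can be reported without re-exposing the PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track2(buf: bytes) -> list:
    """Return Track 2 records in buf that pass the Luhn check and have a sane expiry month."""
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m["pan"].decode()
        month = int(m["mm"])
        if not luhn_ok(pan) or not 1 <= month <= 12:
            continue
        hits.append({
            "offset": m.start(),
            "pan_masked": mask_pan(pan),
            "expiry": "20" + m["yy"].decode() + "-" + m["mm"].decode(),
            "service_code": m["svc"].decode(),
        })
    return hits


# Constructed memory image: a process name, two valid test cards, one Luhn-invalid
# record and one with an impossible expiry month, separated by filler bytes.
SAMPLE_MEMORY = (
    b"\x00\x10PAYAPP.EXE\x00"
    + b";4111111111111111=2512101123456789?"   # Visa test PAN, Luhn valid
    + b"\x00" * 16
    + b";4111111111111112=2512101000000000?"   # fails Luhn, rejected
    + b"junk"
    + b";5500000000000004=2613201?"            # month 13, rejected
    + b"\x00\x00"
    + b";378282246310005=2609101?"             # Amex test PAN, Luhn valid, no discretionary data
)

if __name__ == "__main__":
    for hit in find_track2(SAMPLE_MEMORY):
        print(hit)
```

Running this against a real PoS process dump answers a concrete question: if the matcher returns hits, card data exists unencrypted in that process's memory and a scraper placed on the terminal can take it, which is exactly the window DMSniff exploits.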
Cardholders should review their accounts, protect them with strong, unique passwords, and change those passwords regularly so they cannot be easily guessed. Retailers running PoS systems should review their firewall and connection logs for logins from unknown IP addresses, and for runs of failed logins followed by a success, which is what password brute-forcing looks like in the logs.
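As an added example, not from the page or from any vendor tool, this Python reviews constructed OpenSSH auth log lines for the two things the advice above calls for: a successful login from an address outside an assumed management network (198.51.100.0/24) and a success preceded by repeated failures from the same address. The hostnames, addresses and log lines are constructed; the allowlist and failure threshold are assumptions to be replaced with the retailer's own.

```python
import ipaddress
import re
from collections import defaultdict

# OpenSSH password-auth lines, e.g.
#   Mar 11 02:14:01 pos-term-07 sshd[2231]: Accepted password for posadmin from 198.51.100.20 port 40212 ssh2
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

# Assumed management network from which PoS logins are expected.
KNOWN_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]


def is_known(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_NETWORKS)


def analyze(lines, fail_threshold: int = 3) -> list:
    """Flag successful logins from unknown IPs and successes after repeated failures."""
    failures = defaultdict(int)     # failed attempts per source IP seen so far
    findings = []
    for line in lines:
        m = AUTH_RE.match(line)
        if not m:
            continue                # not a password-auth event
        ip, user, result = m["ip"], m["user"], m["result"]
        if result == "Failed":
            failures[ip] += 1
            continue
        reasons = []
        if not is_known(ip):
            reasons.append("login from unknown IP")
        if failures[ip] >= fail_threshold:
            reasons.append("success after %d failures" % failures[ip])
        if reasons:
            findings.append({"ts": m["ts"], "ip": ip, "user": user, "reasons": reasons})
    return findings


# Constructed sample: a normal admin login, a brute-force run that succeeds,
# and a quiet login from an address nobody recognises.
SAMPLE_LOG = [
    "Mar 11 02:14:01 pos-term-07 sshd[2231]: Accepted password for posadmin from 198.51.100.20 port 40212 ssh2",
    "Mar 11 02:15:33 pos-term-07 sshd[2240]: Failed password for root from 203.0.113.45 port 51001 ssh2",
    "Mar 11 02:15:35 pos-term-07 sshd[2241]: Failed password for invalid user admin from 203.0.113.45 port 51002 ssh2",
    "Mar 11 02:15:37 pos-term-07 sshd[2242]: Failed password for root from 203.0.113.45 port 51003 ssh2",
    "Mar 11 02:15:39 pos-term-07 sshd[2243]: Accepted password for root from 203.0.113.45 port 51004 ssh2",
    "Mar 11 02:16:00 pos-term-07 sshd[2250]: Connection closed by 203.0.113.45 port 51004 [preauth]",
    "Mar 11 03:01:10 pos-term-07 sshd[2301]: Accepted password for posadmin from 192.0.2.9 port 33000 ssh2",
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f["ts"], f["ip"], f["user"], "; ".join(f["reasons"]))
```

The first finding carries both reasons, which is the pattern to treat as a probable compromise rather than a stray login; the second shows why an allowlist matters, since a single clean success from an unknown address would otherwise look like routine administration.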