Flokibot – POS Malware
A new point of sale malware spotted in the wild named “Flokibot” is slowly making its way to point of sale systems worldwide. The Flokibot malware was found compromising several point-of-sale systems in South Amerca, explicitly Brazil. A limited number of reports have been received from merchants targeted in other areas of the globe. These stories stretch from Australia all the way to the United States.
Flokibot, first uncovered back in September of 2016 as specifically targeting financial systems like point-of-sale devices. This software uses many variants to bypass security screening and detection within these types of devices.
With the potential to spread much further than it already has Visa has issued best practices guideline for merchants to reduce their risk of exposure to the Flokibot malware. The following are a few bullets that may require an IT professional to help you implement from that release:
- Maintain a patch management program, update all software, hardware, and firmware to most current release. These steps will limit the attack surface for zero-day vulnerabilities.
- Educate employees about avoiding phishing scams and safely opening emails with attachments
- Perform file integrity monitoring and alert on changes to explore.exe and svchost.exe processes on endpoints.
Chip and pin cards are harder to steal data from for potential hackers. Adoption of Chip and Pin technology is strongly recommended for merchants who have not updated their technology. Retailers should work with their IT professional to be aware of and execute the Payment Card Industry Data Security Standard (PCI DSS) to enhance security at each location further.
This malware is further reason why merchants should be diligent in adopting chip and pin technology. This technology makes it harder for fraudsters to steal consumer information. Card users should also be aware of the protections that technology provides them.
Consumers should also be wary of email requests for credit card information, using credit cards in lesser known non-reputable stores, and subscribe to bank transaction updates to further increase their personal payment security.
The Recent Chipotle Breach
Did Malware Compromise the Point Of Sale System?
Chipotle Mexican Grill is just one more large scale merchant to report a possible data breach in its point of sale system. According to a Chipotle representative, the company recently discovered unauthorized activity on the network that supports payments in its over 2,000 restaurants. The investigation focuses on transactions processed between March 24th and April 18th of this year. The organization believes it has stopped the suspicious network activity. Furthermore, it has notified card networks, in turn, they will notify issuing banks who will notify any affected customers.
Could this have been due to a malware variant of Flokibot?