While we wait to discover what and how the Trump Hotel Collection was breached, a new version of the TinyPOS point-of-sale (PoS) malware has been discovered by Foregenix.
This malware functions as a typical memory scraper. It gathers input card data before the system can encrypt it, but is written in “‘hand rolled’ assembly language and comes in at only 5120 bytes.”
“The malware contains an old school exclusion list that performs extremely rapid double word comparisons rather than the slower but far more common string comparisons to identify which process to ignore, and internally validates the identified account data through an implementation of the Luhn algorithm,” states the alert. The Luhn algorithm uses the last four digits of a card number against the preceding numbers – it simply checks the number is a valid card number.
