Tag Archives: Seculert

A Closer Look at the Target Malware, Part II

January 16, 2014

Yesterday’s story about the point-of-sale malware used in the Target attack has prompted a flood of reporting from antivirus and security vendors. Buried within those reports are some interesting details that speak to possible actors involved and to the timing and discovery of this breach.

Collaboration Fuels Rapid Growth of Citadel Trojan

February 9, 2012

Late last month I wrote about Citadel, an “open source” version of the ZeuS Trojan whose defining feature is a social networking component where users can report and fix programming bugs, suggest and vote on new features in upcoming versions, and generally guide development of the botnet malware. Since then, I’ve been given a peek inside that social networking space, and it suggests that Citadel’s collaborative approach is fueling rapid growth of this new malware strain.

A customer who bought a license to the Citadel Trojan extended an invitation to drop in on that community of hackers. Those who have purchased the software can interact with the developers and other buyers via comments submitted to the Citadel Store, a front-end interface that is made available after users are validated through a two-step authentication process.

SpyEye Targets Opera, Google Chrome Users

April 26, 2011

The latest version of the SpyEye trojan includes a new capability specifically designed to steal sensitive data from Windows users surfing the Internet with the Google Chrome and Opera Web browsers.

The author of the SpyEye trojan formerly sold the crimeware kit on a number of online cybercrime forums, but has recently limited his showroom displays to a handful of highly vetted underground communities. KrebsOnSecurity.com recently chatted with a member of one of these communities who has purchased a new version of SpyEye. Screenshots from the package show that the latest rendition includes new “form grabbing” capabilities targeting Chrome and Opera users.