The recent credit card data breach from Home Depot has released the information of thousands of card numbers as well as the city and zip of the location the store the number was taken from. This is important as the card fraudsters ended up with all the information necessary to carry out full usage of the card numbers. Some of the fraudsters even called customer service in order to change the PIN numbers, explaining that they were traveling in Italy. They were able to provide the CCV of the card, the zip code, and the last four digits of the card holder’s social security number. The fraudsters were calling from prepaid and disposable Magic Jack numbers.
According to our news source Krebs On Security, the credit card data breach is said to have been conducted with the same malware that had caused the Target credit card breach over the winter. One large west coast bank reported that they had over 300,000 in debit card fraud in a few hours just after this breach took place.
The malware had been infected in several registers at Home Depot. Called “BlackPOS” (or “Kaptoxa”), it’s a strain of the same malware that infected Target, and the stolen card information has gone up on the crime hub Rescator.
All of this comes amidst reports that there have been new versions of BlackPOS popping up – one was found in the wild by Trend Micro, which published a blog post about it here. The malware is designed to run on POS machines running Windows, and has increased data collecting abilities as well as the ability to disguise itself as part of the antivirus and anti-malware software that may be running on the machine.