Converting a New Generation Square Reader into a Card Skimmer?
Method to Steal Credit Card Data without tampering with Square Reader
“We do not see it as a security risk,” a Square employee wrote in the report published on the Square’s bug bounty service HackerOne. “In particular, it is not possible to process a stored swipe more than once.”
Advanced Persistent Threat (APT) type attacks continue to emerge on a global scale. What makes these attacks deviate from the norm is often the resources required to develop and implement them: time, money, and the knowledge required to create custom pieces of malware to carry out specific, targeted attacks.
How does the attack work?
- Evade sandbox detection
- Connect to and control servers
- Exfiltrate data
- Deliver 2nd stage malware payloads
Impact on you
- Any malware installed on your network puts you at risk of compromise, especially one designed to steal data
- Once installed, Elise can infect other machines and continue to deliver additional malware variants as needed
- Elise is specially designed to steal data, putting you and your clients’ sensitive information at risk