New ‘UDPoS’ Malware Exfiltrates Credit Card Details via DNS Server

Researchers have identified a new strain of point-of-sale (PoS) malware that impersonates a LogMeIn service pack to steal credit card data via a DNS server.

According to security firm Forcepoint, the malware – dubbed “UDPoS” – is unusual in that it generates a large amount of UDP-based DNS traffic to exfiltrate magnetic stripe payment card details.

“Nearly all companies have firewalls and other protections in place to monitor and filter TCP- and UDP-based communications; however, DNS is still often treated differently, providing a golden opportunity to leak data,” explained Forcepoint in a detailed blog post.
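For defenders, the traffic pattern described above (one host sending a large number of DNS queries that carry data) can be hunted for in resolver logs. The following is an added example, not code from Forcepoint or Tripwire, and it does not reproduce UDPoS's actual query format; the log layout, addresses, domains and thresholds are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def build_sample():
    """Constructed DNS query log ("client qname"); not captured UDPoS traffic."""
    lines = ["10.0.5.21 www.example.com", "10.0.5.21 mail.example.com"]
    # Benign but chatty: many short, unique names under one domain.
    lines += [f"10.0.5.22 img{i}.cdn-demo.test" for i in range(30)]
    # Tunnel-like: long hex labels, each one unique, under one domain.
    lines += [
        f"10.0.5.40 {hashlib.sha256(str(i).encode()).hexdigest()[:40]}.exfil-demo.test"
        for i in range(25)
    ]
    return lines

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def split_name(qname):
    """Return (parent domain, subdomain text). Assumes a two-label parent;
    production code should consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), "".join(labels[:-2])

def find_suspects(lines, min_unique=20, min_len=30, min_entropy=3.0):
    """Flag (client, domain) pairs sending many long, random-looking names.
    Thresholds are illustrative assumptions to tune per network."""
    groups = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed log lines
        dom, sub = split_name(parts[1])
        if sub:
            groups[(parts[0], dom)].add(sub)
    suspects = []
    for (client, dom), subs in groups.items():
        mean_len = sum(map(len, subs)) / len(subs)
        mean_ent = sum(map(entropy, subs)) / len(subs)
        if len(subs) >= min_unique and mean_len >= min_len and mean_ent >= min_entropy:
            suspects.append((client, dom, len(subs)))
    return sorted(suspects)

if __name__ == "__main__":
    for client, dom, n in find_suspects(build_sample()):
        print(f"{client} sent {n} unique long high-entropy names under {dom}")
```

Requiring volume, length and entropy together keeps the chatty but benign client in the sample from being flagged.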

Source: Tripwire