A financial malware strain has been found targeting payment systems behind transit systems and kiosks sucking up all manner of junk data, researchers say.
The malware dubbed d4re|dev1l (dare devil) has been found in kiosks at Italy's regional transport company Azienda Regionale Sarda Trasporti, as well as at undisclosed companies – including at least one Australian business running an enterprise point-of-sale terminal.
Payment platforms from QuickBooks, OSIPOS and Gemini were among "many others" affected, IntelCrawler researches said in a post.
"IntelCrawler believes that such kind of devices will become the new target for cyber criminals," researchers said.
"These kiosks and ticket machines don't usually house large daily lots of money like ATMs, but many have insecure methods of remote administration allowing for infectious payloads and the exfiltration of payment data in an ongoing and undetected scheme."
One such unnamed infected kiosk was found insecure after staff breached company protocol and played games and browsed the web on the machine.
Another women's clothing shop based in a US airport has had its QuickBooks payment platform breached (The Register has tipped off the affected business) gaining credit card and username and password data.
Much of the data was junk and hoovered up by what appeared to be eager fraudsters keen on maximising profit from stolen cards and credentials.
Dare Devil was capable of deploying "advanced" backdoors, RAM scraping and keylogging.
"As this POS malware market is evolving, new security measures are needed to combat the seemingly continuous strains being developed by the underground," the researchers said.
They recommended businesses minimise software available to operators on payment devices and kiosks, enforce access control lists and push administrative functions over VPN. ®