Dexter payment card malware variant hits South Africa

The Dexter payment card skimming malware discovered last year has resurfaced in South Africa, resulting in millions of pounds lost to fraud.

A variant of the malware – named after US television show Dexter – has infected thousands of point of sales (POS) systems in some of the country’s biggest fast food chains and restaurants, including KFC.

As a variant, the malware was able to evade detection by signature-based anti-malware systems.

The Payment Association of South Africa (Pasa), that oversees local card transactions, said South Africa had been hit by one of the biggest cyber fraud attacks in its history.

The Dexter malware was linked to a series of attacks on point-of-sale systems in the UK, US and more than 30 other countries towards the end of 2012, according to the BBC.

The malware is designed to skim and transmit data from the magnetic strips on payment cards, to enable cyber criminals to clone the cards and commit fraud. The criminals are believed to be based in Europe.

The first signs of fraud emerged in the first two months of 2013. But only when the volume began to increase beyond normal levels did Pasa order a forensics investigation.

By the time the cause of the fraud was identified and infected, and organisations were able to clean up their systems, huge losses had been incurred.

Pasa said it is still unclear exactly where the criminals behind the fraud are based, but Interpol and Europol said they are making good progress towards making arrests.

According to Pasa, the losses will be borne by the banks and not payment card holders or infected businesses.

The attacks highlight the vulnerability of POS systems that are not designed with security in mind and are open to attack, particularly when running on systems connected to the internet.

Pasa is working with the banks and card schemes to block potential card data exposure and ensure merchants comply with the Payment Card Industry Data Security Standards (PCI DSS).