Target's point-of-sale terminals infected with malware

code
Up to 110 million have been affected by the breach

The CEO of retailer Target has revealed in an interview that the company point-of-sale (PoS) system were infected with malware, confirming what security experts had expected back during the huge data breach at Target in December.

Greg Steinhafel told CNBC: "We don't know the full extent of what transpired, but what we do know is that there was malware installed on our point-of-sale registers. That much we've established."

Originally the American retail giant said that approximately 40 million credit card and debit card accounts may have been compromised by the breach. Now the company has announced that personal data, including names, addresses and emails, had also been stolen from an additional 70 million.

How is it done?

Malware programs designed for PoS systems are commonly referred to as RAM scrapers, because they search the terminal's random access memory (RAM) for transaction data and steal it.

PoS systems are actually computers with peripherals like card readers and keypads attached to them. Many of these systems run a version of Windows Embedded as the OS as well as special cash register software.

With the information from a card's magnetic stripe, known as track 1 and track 2 data, cybercriminals can effectively clone the card. However, they also need the PIN in order to withdraw money from an ATM or perform fraudulent transactions with a cloned debit card.

A post on an underground blog also surfaced recently with the author asking for aid in deciphering a 50GB collection of encrypted PIN codes. Researchers at IntelCrawler followed the discussion and determined that some of the cards in a sample provided by the author were issued by U.S and Canadian banks.

The recent request by the underground to decrypt PIN data may be coincidental to the Target breach or possibly some of the actual perpetrators floating the sample to see what resources and success the power of the underground has had or could have given the magnitude and value of the Target breach," they said in a blog post.