New RawPOS Malware Grabs Driving License Information

Trend Micro security researchers are warning of a new version of the RawPOS malware that allows cybercriminals to harvest sensitive information such as credit card data. RawPOS is an old malware family that has been known since 2008.

What is interesting in the published analysis is that the malware targets not only banking information but also other confidential data, such as driving license information. This was found by examining the way RawPOS scans processes for strings.

[Figure: sample regular expression matching in newer files. Source: Trend Micro]

The malware still uses an old technique to grab information on infected systems: regular expression matching against the strings found in running processes. What was updated in 2016 is the addition of fields for US driving licenses. According to Trend Micro, “The information stored in each license varies per state, but the bar code mostly contains the same information present in each individual driver’s license or state ID – specifically: full name, date of birth, full address, gender, height, even hair and eye color.”
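As an added example (not from the Trend Micro analysis and not the malware's own code), the following Python script shows the defender's side of the same regex matching: triaging a recovered dump file during incident response to determine whether card track data, driver's license barcode fields, or both were exposed. The dump contents, the simplified AAMVA header, and the chosen field set are constructed assumptions.

```python
import re

# Constructed sample of a recovered RawPOS-style output file (not real data, with a
# simplified AAMVA header): one Luhn-valid test PAN, one junk match, one license payload.
SAMPLE_DUMP = (
    b"\x00junk;1234567890123=2501000?\x00"
    b";4111111111111111=29121010000000000000?\x00"
    b"ANSI 636014040002DL00410278DLDAQD1234567\nDCSDOE\nDACJANE\n"
    b"DBB01011990\nDBC2\nDAU068 in\nDAG123 MAIN ST\nDAYBRO\nDAZBLN\r"
)

# Track 2 layout: ';' PAN '=' YYMM service-code/discretionary-data '?'
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})\d*\?")

# AAMVA data-element IDs (public standard) for the fields the article lists
DL_FIELDS = {
    b"DAQ": "license_number", b"DCS": "family_name", b"DAC": "first_name",
    b"DBB": "date_of_birth", b"DBC": "sex", b"DAU": "height",
    b"DAG": "street_address", b"DAY": "eye_color", b"DAZ": "hair_color",
}
DL_RE = re.compile(b"(" + b"|".join(DL_FIELDS) + rb")([^\r\n]{1,40})")


def luhn_ok(digits: str) -> bool:
    """Luhn check: rejects most random digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def triage(blob: bytes) -> dict:
    """Report which data categories a recovered dump exposes, with PANs masked."""
    cards = []
    for m in TRACK2_RE.finditer(blob):
        pan = m.group(1).decode()
        if luhn_ok(pan):        # drop regex hits that are not real card numbers
            masked = pan[:6] + "*" * (len(pan) - 10) + pan[-4:]
            cards.append({"pan_masked": masked, "exp_yymm": m.group(2).decode()})
    license_fields = {}
    if b"ANSI " in blob:        # AAMVA barcode payloads carry this header
        for m in DL_RE.finditer(blob):
            license_fields[DL_FIELDS[m.group(1)]] = m.group(2).decode(errors="replace")
    return {"cards": cards, "license": license_fields}


if __name__ == "__main__":
    print(triage(SAMPLE_DUMP))
```

The presence of license fields alongside card data is what separates a card-fraud incident from an identity-theft incident, which changes the notification scope.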

Driving license information can be used by an attacker to confirm identity when making purchases at pharmacies, shops, casinos and other public places. This means that by combining credit card data with driving license data, an attacker can use the victim's identity without having the physical banking card at their disposal.
