The malware was observed on security scanners for the first time around January 28, 2017 and was detected by the Trend Micro team. Still, newly evidence revealed that the virus first infected systems between August and November 2016.
This new threat has a modular design and support for many features often found in RAT (Remote Access Trojans), allowing fraudsters to search for and select which systems they want to infect.
According to security researchers, the malware authors scanned for open VNC and RDP ports and used brute-force attacks to guess weak credentials. Afterwards lists with information about users, especially card data entered on the POS software, were downloaded by the cybercriminals.
Afterwards, stolen data was sent to a server nicknamed Magic Panel where payment card data were sold one ID at a time for prices ranging from USD 9 to USD 39, or in bulk packages of 25, 50, and 100 IDs, priced at USD 250, USD 400, and USD 700, respectively.
Furthermore, Trend Micro says for Bleeping Computer that the MajikPOS dumps contained data from American Express, Diners Club, Discover, Maestro, Mastercard, and Visa cards.
The Paypers. All rights reserved. No part of this site can be reproduced
without explicit permission of The Paypers(V2.3).