South African banks have sustained millions of dollars worth of losses after criminals obtained payment card data from electronic point-of-sale terminals infected with malware, according to published news reports.
Hundreds of thousands of people have probably been affected by the fraud, which was primarily focused on KFC outlets and other South African fast-food restaurants, Bloomberg News reported Tuesday. The news service quoted an official with the Payments Association of South Africa as saying: "There's not a single bank that hasn't been affected." In all, losses come to tens of millions of South African rand, which converts to millions of US dollars.
South Africa-based TechCentral, citing Payments Association CEO Walter Volker, said the card data was obtained from point-of-sale terminals infected with malicious software known as Dexter. The malware, which uploads the contents of a terminal's computer memory to remote servers controlled by criminal syndicates, first came to light ten months ago. It's capable of isolating payment cards' Track 1 and Track 2 data contained in memory dumps. Previously, it had infected hundreds of terminals at big-name retailers, hotels, restaurants, and other businesses located in North America and Europe, according to researchers at Seculert, the Israel-based security firm believed to have discovered Dexter. The malware gets its name from a text string found in one of its files.