The following information was obtained from different cyber security sources and is provided as a notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).


The information provided is classified as Restricted pursuant to PNP Regulation 200-012 on document security, with an impact rating of significant and a threat rating of high, based on PNP Information Communication p. 22 and p. 129.


SUMMARY

“vSkimmer is a dangerous Trojan and botnet that is specifically designed to target credit card terminals and point of sale devices making its attack particularly effective at stealing credit card and banking credentials.”

vSkimmer uses the standard memory scan process on the victim’s computer to obtain credit card information that is being processed through a credit card reader. It encodes the information using the standard HTTP protocol and connects to the command and control server. Since vSkimmer was designed to steal credit card information, including the full credit card number, three-digit CVV code and expiration date, all stolen credit cards can be used to make fraudulent purchases immediately.
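Because the stolen data leaves the host over ordinary HTTP, web proxy or egress logs are a place to look for it. The following Python check is an added example, not part of the bulletin and not vSkimmer's actual wire format: it flags request URLs whose query parameters carry a Luhn-valid card number, in the clear or Base64-encoded. The Base64 step, the host names and the sample track data are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Digit runs of 13-19, the length range of payment card numbers (PANs).
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum; rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def candidate_texts(value):
    """Yield the raw value and, when it decodes cleanly, its Base64 plaintext."""
    yield value
    try:
        padded = value + "=" * (-len(value) % 4)
        yield base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return                  # not Base64 text; the raw value was already checked

def find_pans(url):
    """Return (parameter name, masked PAN) for each Luhn-valid number in the query."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for text in candidate_texts(value):
            for match in PAN_RE.finditer(text):
                pan = match.group()
                if luhn_ok(pan):
                    masked = pan[:6] + "*" * (len(pan) - 10) + pan[-4:]
                    hits.append((name, masked))
    return hits

# Constructed sample: track-2-style string with the 4111... test number,
# Base64-encoded into a query parameter of a placeholder host.
_track = b";4111111111111111=25121010000?"
SAMPLE_URL = "http://c2.example.test/api?d=" + quote(base64.b64encode(_track).decode(), safe="")

if __name__ == "__main__":
    for url in (SAMPLE_URL, "http://shop.example.test/item?id=1234567890123456"):
        print(url, "->", find_pans(url) or "clean")
```

Hits are masked before they are returned so the detection output does not itself become a store of card numbers.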

Once vSkimmer is successfully installed on a computer, it will be configured to start automatically every time the user logs in to Windows. It usually displays unwanted pop-up ads, fake alerts and non-existent infections, and will redirect the user to an unknown malicious website. vSkimmer has the ability to change the system settings and other vital files. It can either disable executable programs or block access to reputable websites, bypassing the scanning of the security software.


RECOMMENDATION

The community is advised to follow these best practices in securing and protecting devices from the vSkimmer trojan:

•    Do keep all installed programs up to date to prevent loopholes;
•    Do read the terms and agreements before downloading and installing free applications;
•    Do keep the installed security tools on and go for real-time protection;
•    Don’t acquire programs from unofficial websites or ones with low credibility; and
•    Don’t open any suspicious links or unknown spam emails from strangers.

For additional information, please refer to the following security websites:

•    http://www.enigmasoftware.com/vskimmer-removal/1
•    http://www.securityweek.com/vskimmer-botnet-targeting-payment-card-terminals-connected-windows
•    https://tools.cisco.com/security/center/viewAlert.x?alertId=32750

POINT OF CONTACT

Please contact CSRAD, PNP ACG for any inquiries related to this CYBER SECURITY BULLETIN at http://mail.pnp.gov.ph/ or call 7230401 local 5337.