Bromium Labs shares in-depth analysis:
QUOTE: Back in 2009 several companies (including Visa and Verizon) published threat reports describing a new kind of malware – RAM scrapers (Verizon report, Visa report). These are malicious programs that search the memory of point-of-sale (POS) systems for bank card information. After that a number of blog entries appeared, but none of them (to the best of our knowledge) reveals the inner workings of RAM scrapers. Recently this issue has come back into the limelight with the recent Target breach. The exact details of the Target malware are still unknown but it is important to understand how RAM scrapers work and why they’re a big risk to the retail industry. In this blog, we analyze several families of POS malware and investigate techniques and approaches deployed to scrape bank card information in the infected system’s volatile memory.