In early October 2016, Flashpoint Intelearned about advertisements on an underground forum for a new family of malware known as Flokibot, which has been aggressively stealing credit card data from POS devices across South America.
At this point, it’s not known how or whether Flokibot will also impact e-commerce businesses, which is why it’s so important to keep yourself informed. In this post, we break down everything you need to know about Flokibot.
Understanding Flokibot Malware
Flokibot is a new malware variant that is offered for sale on various darknet markets. It’s based on the 2011 Zeus Trojan malware, which was a particularly nasty piece of software that targeted Microsoft Windows and was often used to steal sensitive financial data from businesses. At the time, Zeus Trojan was one of the most successful botnet viruses in the world, and it affected millions of machines.
Flokibot ramps up the damage with several modifications that make it even more attractive for cybercriminals. Like Zeus, it’s designed to grab credit card data from retail point of sale (POS) devices. Additionally, according to advertisements on the black market, this malware is both adaptable and aggressive.
The initial infection typically occurs via a spearphishing attack, in which a merchant is enticed to open a phony Microsoft Word document either sent as an email attachment or embedded in an exploit kit, which is a software kit designed to run on web servers. Once the document or kit is opened, a macro executes the Flokibot malware and injects malicious code into the victim’s Microsoft Windows file manager.
The Flokibot code then attempts to infect multiple parts of the merchant’s POS system while hiding its actions and remaining virtually undetected by security teams.
How Flokibot Impacts E-Commerce Businesses
Recently, it was found that Flokibot had compromised the integrated POS devices of multiple Brazilian merchants. It also appears that Flokibot is spreading to other countries, including Australia, Paraguay, Croatia, the Dominican Republic, Argentina, the United States and Canada.
As of right now, the Flokibot malware only appears to target physical point of sale systems, which means it may not be a threat for e-commerce businesses. However, it’s important to remember that cybercriminals are always looking for ways to attack businesses and their customers. It’s not hard to imagine that if cybercriminals can get past the firewalls associated with standard POS systems, they may be able to get past the firewalls associated with e-commerce payments as well.
As an e-commerce merchant, Flokibot also highlights the very real risk that your next order may come from a cybercriminal leveraging stolen data. The best thing you can do is to stay vigilant and protect your business and customers with a fraud protection solution.
Implementing a fraud protection solution offers many benefits to e-commerce merchants. Some of these benefits include:
At ClearSale, we offer a fully-outsourced fraud protection solution that helps you better detect fraudulent offers and reduce instances of credit card fraud. Our technology is compatible with many widely-used gateways, shopping carts, order management systems, payment processors and acquirers.
To learn more about how ClearSale can help protect your business against fraud, contact us today.