The massive Target hack is etched in our memories, why wouldn’t it be, more than 40 million credit and debit cards were compromised as a result of that hack. The malware infected POS systems at Target outlets around the country and stole card information as they were swiped for a couple of months before it was detected. Home Depot confirmed last week it was investigating a potential hack and it appears that the hackers used the same malware that was used for the Target job, though its said to be a modified and improved version of that malware.
Krebs on Security cites a source close to this investigation who revealed that registers at Home Depot stores were infected with a new variant of BlackPOS. This malware is design to lift data from credit and debit cards when they’re swiped at POS systems that are running Windows.
Its worth noting that BlackPOS was found on Target registered after the hack was discovered. Moreover, stolen cards presumably belonging to Home Depot customers showed up at the same underground site on which millions of cards lifted from the Target hack were first put up for sale. Its likely that the same group might be involved in both hackings.
The updated BlackPOS malware apparently has enhanced capability to steal card information from physical memory of infected POS systems and it is also said to have a feature which hides the malware as a component of the antivirus software that’s already running on the system.
It is feared that this hack might have compromised store transactions at Home Depot for a few months so the impact would possibly be quite huge. If you have used plastic at a Home Depot recently, it would be in your best interests to get on the phone with your bank and ensure that your cards are not being misused.