Dexter payment card malware strikes South Africa

Money Transfer

South Africa has been hit by one of the biggest cyber-fraud attacks in its history, according to the body that oversees local financial transactions.

The payment card systems of thousands of shops, restaurants and hotels had been compromised, said the Payment Association of South Africa (Pasa).

Losses were thought to be in the "tens of millions, but not hundreds of millions of rands", it said.

It added the attackers had used a new variant of the malware known as Dexter.

Ten million rand is worth £626,000 or just over $1m.

Dexter gets its name from a string of code found in one of its files, which may refer to the US television show that followed the exploits of a serial killer.

The Dexter code was linked to a series of attacks on point-of-sale systems in the UK, US and dozens of other countries towards the end of last year.

It skims and transmits the cards' magnetic-strip information, allowing clones to be made that can then be used for fraudulent purchases,.

Pasa said it believed the criminals responsible were based in Europe, but added it was not sure from which countries.
Copied magstrips

"It's probably the worst [attack] of its kind in terms of the losses," Walter Volker, Pasa's chief executive, told the BBC.

"We started detecting higher levels of fraud at some of these retailers early in the year - from about late-January, February. We initially thought it was a normal seasonal thing, but as the volumes increased we decided to appoint a forensics investigation company.

"Eventually it was able to find this particular malware in some of the locations. Very soon after we found the cause of the compromise, we were able to clean up those sites with anti-malware software."
KFC KFC restaurants were among those to have been targeted

Mr Volker added that while the attack had targeted back-end systems to steal data from the cards' magstrips, it had not stolen Pin codes or CVV payment authentication numbers - meaning the thieves would not have been able to withdraw money from bank cash machines or have used the information to make purchases from internet shops.