South African Banks Lose Out In Dexter Malware Fraud

Peter Suciu for – Your Universe Online
The Showtime series Dexter wrapped up its run last month, but the serial killer lives on – and not in ways that the show runners or the network would likely have had in mind. South African banks have been hit by malware known as “Dexter” that could be one of the biggest cyber-fraud attacks in its history.
According to the Payment Association of South Africa (PASA), the body that oversees local financial transactions, a payment card system of thousands of shops, restaurants and hotels had been compromised and losses are in the tens of millions of rands – just over $1 million (US).
“There’s not a single bank that hasn’t been affected,” PASA Chief Executive Officer Walter Volker told Bloomberg in a phone interview on Tuesday. “We first detected higher volumes of fraud early in the new year.”
The hackers are believed to have loaded software via compromised computers at various outlets, which captured the data stored on the magnetic strip of a bank card. From here the hackers were able to either produce their own fraudulent cards or may have sold the compromised data to a third party.
Hundreds of thousands of customers have likely been affected by the fraud, which has been traced back to Europe. Africa’s biggest lender, Standard Bank Group Ltd., is reportedly aware of the breach and is working to limit its potential exposure, Bloomberg reported.
The South Africa-based TechCentral also reported that the card data was likely obtained from point-of-sale terminals, which were infected with the “Dexter” malware. This code can upload the contents of the terminal’s computer memory to remote servers, which are controlled by criminal syndicates.
The attack had targeted back-end systems from the cards’ magstrips so it did not apparently compromise pin codes or the CVV payment authentication numbers.
The BBC reported this means thieves would not have been able to withdraw money from bank cash machines and could not have used the information gathered to make purchases via the Internet.
“It took quite a while to get to the bottom of [this incident], because it was not the standard Dexter malware, which has been around for a while, and which many antivirus software programs can pick up,” Volker told TechCentral as reported by Ars Technica. “This one was a variant that was changed to [avoid detection] by the antivirus software.”
PASA has noted it will ultimately be the banks, rather than the public or even the businesses, that would face losses as a consequence of the attack.
“The South African card holders – or potentially tourists using their cards at the affected sites – will not be exposed to any losses,” Volker told the BBC. “It’s just the inconvenience of detecting false transactions on their accounts. If that has happened they should just contact their issuing bank.”
Dexter derives its name from a string of code found on one of its files, and it is believed it refers to the US television show that followed the exploits of a serial killer. However, given that Dexter – the character – usually took down bad guys, it is unlikely he’d appreciate the malware being named for him.